Secure Agentic Framework

Open-source security standards for AI agents · Linux Foundation / OpenSSF

An OpenSSF / Linux Foundation Project

The open-source security standard for AI agents

Map, assess, and mitigate threats across the entire agentic AI attack surface.

AGENTIC THREAT FRAMEWORK

SAF-MCP

14 Tactics85 Techniques

Security specification adapting MITRE ATT&CK for MCP environments.

Operates as a SIG under OpenSSF’s AI/ML Working Group, with project-level status in progress.

Explore SAF-MCP

KUBERNETES & AI SECURITY CONTROLS

SAF-K8S

593 Controls10 Domains55 Knowledge Areas

Security control catalog for Kubernetes clusters running AI workloads — from cluster hardening to GPU security, model serving, and RAG infrastructure.

4,916 crosswalk mappings to EU AI Act, NIST 800-53, NIST AI RMF, and NIST SSDF.

Explore SAF-K8S

SAF-MCP Threat Catalog

Adapts the MITRE ATT&CK methodology for MCP environments. Each technique includes actionable mitigations and maps to NIST SP 800-53, OWASP LLM Top 10, and the EU AI Act.

Severity

Attack Chain

Built by contributors — co-creators, OpenSSF SIG leads, and community contributors from Microsoft, Atlassian, Nutanix, Northeastern, Ford, Meta, eBay, Google, Wells Fargo, Pow.Bio, and Astha.

Meet the contributors

Open Source

Build the standard with us

The Secure Agentic Framework is community-driven, hosted under the Linux Foundation / OpenSSF.

SAF-MCP operates as a SIG under OpenSSF’s AI/ML Working Group, with project-level status in progress.

Secure Agentic Framework

The open-source security standard for AI agents

SAF-MCP

SAF-K8S

SAF-MCP Threat Catalog

Build the standard with us

Contribute to SAF-MCP

Contribute to SAF-K8S

Join the Community