This reference maps each threat in the cloud + AI threat model to four published security frameworks, so the model speaks the same language a reviewer or auditor already uses. The four frameworks, in plain terms: • OWASP Top 10 for LLM Applications (2025) — the ten highest-priority risks for systems built on a large language model. A risk-priority list. • OWASP Top 10 for Agentic Applications, “ASI” (2026) — the equivalent list for autonomous agents that plan, call tools, and act. It adds risks that only appear once a model can take actions on its own. • MITRE ATLAS (v5.4.0) — a catalogue of real adversary techniques against AI systems, written the way MITRE ATT&CK catalogues conventional attacks. Each technique has an identifier in the form AML.TXXXX. • NIST AI Risk Management Framework (AI RMF 1.0) and the Generative AI Profile (AI 600-1) — the U.S. governance structure for managing AI risk, organised around four functions: Govern, Map, Measure, and Manage.
Narnaiezzsshaa Truong (Tue,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: