SECURAAI - PROJECT FERAL
METHODOLOGY - TRI-FRAMEWORK

Research Methodology

Project Feral applies a tri-framework approach combining CSA MAESTRO for architectural decomposition, OWASP ASI Top 10 for agentic risk taxonomy, and MITRE ATLAS for adversarial technique mapping. Phase I.5 integrates intelligence from 4 confirmed ATLAS case studies (Report 26-00176-1).

Tri-Framework Approach
Three lenses, complete coverage
Architecture
CSA MAESTRO
7-layer reference architecture for Multi-Agent Systems. Structural decomposition from foundation models through deployment.
Risk Taxonomy
OWASP ASI Top 10
10 critical security risks for agentic AI. Released Dec 2025, peer-reviewed by 100+ experts.
Adversary TTPs
MITRE ATLAS
AI-specific attack techniques. 4 OpenClaw case studies (AML.CS0048-0051) published Feb 2026.

Why three? MAESTRO tells us where to look (architectural layers). ASI tells us what to look for (attack patterns). ATLAS tells us how adversaries actually exploit these (real-world TTPs). Together they produce threat intelligence that no single framework achieves alone.

🏗
MAESTRO Layer Coverage
7/7 layers mapped with threat distribution
L7
Ecosystem & Strategic Integrations
T05, T06, T08, T10 4
L6
Deployment Infrastructure
T03 1
L5
Agent Orchestration
T09 1
L4
Tool & External Integration
T02, T07, T10 3
L3
Agent Framework Core
T02, T05, T06, T07, T09 5
L2
Data Operations & RAG
T01, T03, T04, T08 4
L1
Foundation Models
T01, T04 2

Layer 3 (Agent Framework) shows the highest threat density - 5 of 10 threats manifest here. This reflects OpenClaw's architecture where the AgentSession runtime handles context assembly, tool dispatch, and inter-agent routing.

🎯
OWASP ASI Top 10 Coverage
10/10 categories addressed
ASI01
Agent Goal Hijack
ASI02
Tool Misuse
ASI03
Identity Abuse
ASI04
Supply Chain
ASI05
Code Execution
ASI06
Memory Injection
ASI07
Inter-Agent Comms
ASI08
Cascading Failures
ASI09
Trust Exploitation
ASI10
Rogue Agents
MITRE ATLAS Techniques
Key TTPs from OpenClaw investigation (Report 26-00176-1)
T0051
LLM Prompt Injection
T0033
AI Agent Tool Invocation
T0080
Context Poisoning
T0081
Modify Agent Config
T0155
Escape to Host
T0083
Creds from Config
T0010
AI Supply Chain
T0025
Exfiltration via Tool

Most frequently observed: LLM Prompt Injection (T0051) and AI Agent Tool Invocation (T0033) appear in all 4 case studies. Modify AI Agent Configuration (T0081) and Escape to Host (T0155) are flagged as "Still Under Investigation" by MITRE.

📋
Threat Modeling Process
Phase I.5 methodology steps
01
Architecture Review
Decompose OpenClaw into MAESTRO layers; identify components and data flows
02
Trust Boundaries
Map 6 critical boundaries where data crosses security domains
03
Threat Enumeration
Apply ASI categories + ATLAS TTPs; score by feasibility & impact
04
Validation
Cross-reference with MITRE case studies and real-world incidents
05
Mitigations
Prioritize by P0/P1/P2 with hardening configs and ATLAS mitigations
📚
Framework References
Primary sources and standards

This research aligns with established frameworks released by leading standards bodies. Phase I.5 adds MITRE ATLAS as the third framework based on their Feb 2026 OpenClaw investigation.

CSA MAESTRO Framework OWASP ASI Top 10 (2026) MITRE ATLAS AML.CS0048 - Exposed Interfaces AML.CS0049 - Poisoned Skill AML.CS0050 - One-Click RCE AML.CS0051 - C2 via Injection NIST AI RMF
SecuraAI - Project Feral - Methodology - Phase I.5 - Feb 2026
MITRE ATLAS Source: 26-00176-1 - CC BY-NC-SA 4.0