AIDEFEND (Artificial Intelligence Defense Framework) is an open, AI-focused knowledge base of defensive countermeasures designed to help security professionals protect AI/ML systems from emerging threats.
Explore the interactive AIDEFEND framework here
- Three Strategic Views: Organize and explore defenses from multiple perspectives to suit different roles and use cases:
  - Tactics View: Aligned with the seven high-level tactics of MITRE D3FEND.
  - Pillars View: Organized by technology stack components (Data, Model, Infrastructure, Application).
  - Phases View: Structured around the AI development and operational lifecycle.
- Comprehensive Technique Details: Each defensive technique includes a detailed description, implementation strategies with code examples, and lists of relevant open-source and commercial tools.
- Threat Mapping: Techniques are explicitly mapped to known threats from established frameworks like MITRE ATLAS, MAESTRO, and the OWASP Top 10 for LLMs and ML.
- Interactive Interface: A clean, responsive UI with powerful search functionality to quickly find relevant techniques and threats.
- Light & Dark Modes: A comfortable viewing experience for any environment.
AIDEFEND allows you to view the defensive landscape through three distinct lenses, helping you answer key strategic questions.
Tactics View. Question: What high-level approach and concept is being used for this defense?
This view organizes techniques by their strategic security function, aligned with the seven MITRE D3FEND defensive tactics: Model, Harden, Detect, Isolate, Deceive, Evict, and Restore. It is ideal for security strategists and architects designing a defense-in-depth plan.
Pillars View. Question: What part (component) of the AI system is being protected?
This view organizes defenses by the technology stack component they secure: Data, Model, Infrastructure, or Application. This component-centric view helps technical roles such as ML Engineers and Cloud Security Engineers find the controls relevant to their work.
Phases View. Question: When (at what stage) in the AI lifecycle should this defense be applied?
This view organizes defenses by the lifecycle stage where they are most relevant, from initial Design & Scoping through Building, Validation, Operation, Incident Response, and Restoration. This process-driven view helps MLOps and DevSecOps teams embed security throughout the entire AI lifecycle.
- Select a View: Use the "View by:" switcher at the top of the page to choose between Tactics, Pillars, or Phases.
- Explore Techniques: Click on any column header to learn more about that tactic, pillar, or phase. Click on any individual defensive technique to open a detailed modal view.
- Search Everything: Use the search bar to filter all content by keywords, technique IDs, or threat mappings (e.g., "Prompt Injection", "AID-H-002", "MAESTRO", "LLM01").
This work is a personal initiative led by Edward Lee. It is intended for informational and educational purposes only.
Please note: This work was inspired by, and references, numerous incredible open-source security frameworks. However, AIDEFEND is not affiliated with, endorsed by, or otherwise connected to The MITRE Corporation, the Cloud Security Alliance (creator of the MAESTRO framework), Google, or OWASP.
The framework synthesizes concepts and knowledge from the following foundational resources:
- MAESTRO Framework
- MITRE D3FEND™
- MITRE ATLAS™
- MITRE ATT&CK®
- Google Secure AI Framework (SAIF)
- OWASP Top 10 for LLM Applications
- OWASP Top 10 for Machine Learning Security
This work is led by Edward Lee. You can connect with me on LinkedIn.
This work is licensed under a Creative Commons Attribution 4.0 International License.