SAFE Agentic Framework
Open-source security standards for AI agents · Linux Foundation / OpenSSF
An OpenSSF / Linux Foundation Project·Led by Astha.ai
The open-source security standard for AI agents
Map, assess, and mitigate threats across the entire agentic AI attack surface.
SAFE-MCP
Security specification adapting MITRE ATT&CK for MCP environments.
Operates as a SIG under OpenSSF’s AI/ML Working Group, with project-level status in progress.
Explore SAFE-MCPSAFE-K8S
Security control catalog for Kubernetes clusters running AI workloads — from cluster hardening to GPU security, model serving, and RAG infrastructure.
4,916 crosswalk mappings to EU AI Act, NIST 800-53, NIST AI RMF, and NIST SSDF.
Explore SAFE-K8SSAFE-AUCA
Community-driven library of real-world Agentic Use Case Analyses (AUCA) mapped to SAFE-MCP techniques.
Explore SAFE-AUCASAFE-MCP Threat Catalog
Adapts the MITRE ATT&CK methodology for MCP environments. Each technique includes actionable mitigations and maps to NIST SP 800-53, OWASP LLM Top 10, and the EU AI Act.
Open Source
Build the standard with us
The SAFE Agentic Framework is community-driven, hosted under the Linux Foundation / OpenSSF.
Contribute to SAFE-MCP
Submit new techniques, improve mitigations, or review pull requests.
View on GitHubContribute to SAFE-K8S
Review controls, propose new knowledge areas, or improve crosswalk mappings.
View on GitHubSubmit a Use Case
Propose or claim a use case for the SAFE-AUCA library.
View on GitHubJoin the Community
OpenSSF Slack #sig-safe-mcp channel. Bi-weekly meetings at 1:00 PM PT.
Mailing listSAFE-MCP operates as a SIG under OpenSSF’s AI/ML Working Group, with project-level status in progress.