METHODOLOGY · FRAMEWORK COMPARISON
Vectorbreak Five Surfaces, OWASP LLM Top 10, MITRE ATLAS — three AI security frameworks that share semantic ground but serve different jobs. Coverage maps, scope differences, when to use each, and how Vectorbreak integrates them.
At a glance
FIVE SURFACES
Vectorbreak — Lance (2026)
- Primary unit: attack surface (where the vulnerability lives in the stack)
- Scope: 5 surfaces · 69 risk classes · 139 validated test cases
- Audience: red-team engagements, audit deliverables, conformity-assessment dossiers
- Strength: structures the threat model by execution layer. The same risk class in Surface 1 and in Surface 3 calls for different remediation, and testing follows that structure. Validated against eight named deployments with PASS / FAIL verdicts.
- Limitation: younger framework (2026), with fewer external citations than the established alternatives. Vectorbreak-owned, although the test harness is MIT-licensed and the methodology paper is published with attribution.
OWASP LLM TOP 10
OWASP Foundation (open-community)
- Primary unit: vulnerability type (what kind of risk it is)
- Scope: 10 risk categories · prose-based descriptions · periodic revision (2023 and 2025 editions to date)
- Audience: AppSec teams, secure-development standards, awareness training
- Strength: community-owned, vendor-neutral, broadly adopted since 2023. Excellent for security-awareness training and as a quick taxonomy for non-specialists.
- Limitation: categorical, not structural: it does not tell you where in the stack each risk lives. Prose-grade specificity, not test-grade. Limited remediation depth. Category numbers and several names changed between the 2023 and 2025 editions, so any cross-reference to an LLMxx identifier has to state which edition it uses.
MITRE ATLAS
MITRE Corporation (US-government-backed)
- Primary unit: tactic / technique (adversary intent and method)
- Scope: 14 tactics · 80+ techniques · case-study database · ATT&CK-style matrix
- Audience: threat-intelligence, incident-response and adversary-emulation teams
- Strength: maps to MITRE ATT&CK for conventional security, which makes it the bridge between AI-specific and conventional threat intel. Strong for IR teams that already speak ATT&CK.
- Limitation: tactics-first framing assumes you are emulating an adversary rather than testing a system. Less prescriptive for proactive auditing.
COVERAGE MAP
Five Surfaces → OWASP → ATLAS
The translation table below maps each Surface to the equivalent OWASP LLM Top 10 categories and MITRE ATLAS techniques. OWASP categories are cited by their 2025-edition numbers and names (the 2023 edition numbered several of them differently). Because OWASP's unit is the vulnerability type rather than its location, one OWASP category can legitimately appear under more than one Surface.
| Five Surfaces | OWASP LLM Top 10 (2025 edition) | MITRE ATLAS |
|---|---|---|
| FS1 Input / Output | LLM01 Prompt Injection, LLM05 Improper Output Handling, LLM09 Misinformation | AML.T0051 (LLM Prompt Injection), AML.T0031 (Erode AI Model Integrity) |
| FS2 Retrieval | LLM01 Prompt Injection (indirect variant via retrieved content), LLM04 Data and Model Poisoning, LLM08 Vector and Embedding Weaknesses, LLM02 Sensitive Information Disclosure | AML.T0010 (ML Supply Chain Compromise), AML.T0020 (Poison Training Data) |
| FS3 Tool-Call / MCP | LLM06 Excessive Agency, LLM07 System Prompt Leakage | AML.T0053 (LLM Plugin Compromise), AML.T0050 (Command and Scripting Interpreter) |
| FS4 Model | LLM02 Sensitive Information Disclosure, LLM04 Data and Model Poisoning (backdoored or tampered weights), LLM10 Unbounded Consumption (model extraction via the inference API) | AML.T0044 (Full ML Model Access), AML.T0024 (Exfiltration via ML Inference API), AML.T0040 (ML Model Inference API Access) |
| FS5 Runtime | LLM05 Improper Output Handling (RCE chains), LLM06 Excessive Agency (loop abuse), LLM10 Unbounded Consumption (runaway agent loops) | AML.T0050 (Command and Scripting Interpreter), AML.T0049 (Exploit Public-Facing Application) |
DECISION GUIDE
When to use each
You're writing a third-party security audit deliverable for a high-risk AI deployment.
RECOMMENDATION
Five Surfaces — primary structure. OWASP LLM Top 10 as a cross-reference. MITRE ATLAS for any techniques-based reporting your client requires.
WHY
Five Surfaces is built for the deliverable shape: every finding maps to a surface, a severity rating and remediation guidance. The taxonomy translates cleanly into EU AI Act Article 15 (accuracy, robustness and cybersecurity) evidence and ISO/IEC 42001 Annex A controls.
You're training your AppSec team on AI risks for the first time.
RECOMMENDATION
OWASP LLM Top 10 first. Five Surfaces or MITRE ATLAS next.
WHY
OWASP's 10-category structure is the easiest on-ramp — most AppSec engineers already know OWASP Web Top 10 and can pattern-match. Five Surfaces is a deeper second layer once the team is doing actual testing.
Your IR team is investigating a suspected AI-related incident.
RECOMMENDATION
MITRE ATLAS as primary. Five Surfaces as the system-side complement.
WHY
ATLAS speaks the adversary-tactics language your IR team already uses (ATT&CK). The case-study database is genuinely useful for pattern-matching ongoing incidents. Five Surfaces tells you where to look for evidence in the affected system once you've identified the tactic.
You're scoping a Vectorbreak engagement.
RECOMMENDATION
Five Surfaces drives scope. We map findings to all three frameworks on delivery.
WHY
The deliverable references the OWASP LLM Top 10 category and MITRE ATLAS technique IDs for every finding — so the report is interoperable with whatever framework your buyers (insurers, auditors, regulators) speak natively. Five Surfaces is the structuring spine.
Use all three.
Vectorbreak engagements deliver findings with Five Surfaces structure, OWASP LLM category cross-references, and MITRE ATLAS technique IDs. Your deliverable speaks whatever framework your buyers speak natively.