Documentation, standards alignment, and project information.
The framework specification and its Markdown reference live in the GitHub repository.
Complete technical reference — all 21 sub-metrics, five-level rubrics, test methods, ORP/ACI, and the Finbot validation. Also available as editable Word (.docx) and per-section Markdown.
View PDF on GitHub →
The twelve-gap structural analysis with 2025–2026 evidence and the AITBM-to-framework coverage mapping.
Read on the site →
Translates AIDEFEND defensive techniques into measurable evidence for AITBM sub-metric scoring.
View on GitHub →
The full specification split into readable Markdown sections: executive summary, architecture, scoring, the worked example, and references.
View on GitHub →
AITBM aligns to, maps against, or explicitly addresses gaps in the standards and frameworks security teams already rely on.
Severity quantification
Agentic threat coverage
Control-verification input (pending)
Predecessor scoring system — structural gaps addressed
Threat taxonomy alignment
Risk-management alignment
Cyber-AI intersection
Governance & impact assessment
High-risk classification mapping
Certification & insurance complement
Defensive-control evidence
Defensive taxonomy
Prior art — why it is insufficient for AI
Primary agentic deployment class
AITBM is a community-driven, volunteer effort built for OWASP practitioners, AI security assessors, ML engineers, and compliance teams. It carries no commercial licensing and no paid-tooling dependencies, and is designed to be usable by assessors without an ML research background — every rubric is operationally concrete.
Led from the OWASP Taiwan Chapter, AITBM is developed in the open and its documentation is licensed under CC BY 4.0.