References

This framework is a complement to, not a replacement for, two community detection engineering maturity frameworks. The right starting point for most teams is to use one of those first to assess the underlying detection program, then use this framework to assess the AI/LLM dimension on top.

  • Detection Engineering Maturity Matrix by Kyle Bailey. Three levels (Defined, Managed, Optimized) across four categories (People, Process, Technology, Detection) with nine subcategories. Presented at the SANS Blue Team Summit (2021) and BSidesSF (2022).

  • Threat Detection Maturity Framework by Haider Dost. Three levels (M1 Ad-Hoc, M2 Organized, M3 Optimized) across five dimensions (Processes; Data, Tools and Technology; Capabilities; Coverage; People). Distributed as a CSV.

  • MITRE ATT&CK. The technique taxonomy referenced throughout the Detection Lifecycle dimensions.
  • MITRE ATLAS. Adversarial ML threat landscape. Relevant to the Security, Privacy & Safety dimension at L2+.
  • NIST AI Risk Management Framework (AI RMF). General-purpose AI governance reference. Useful for Strategy & Governance.
  • OWASP Top 10 for LLM Applications. Prompt-injection and adjacent risk taxonomy. Useful for Security, Privacy & Safety.
  • Detection-as-Code. The practice of treating detection content as versioned, tested, CI/CD-deployed artifacts. A prerequisite for L2+ in Detection Authoring, Testing, and Tuning.
  • Atomic Red Team. Atomic-test taxonomy referenced in Detection Testing & Validation.
  • STIX / TAXII. Structured threat-intelligence schemas referenced in Detection Opportunity Ideation.

Detection Engineering AI Maturity Framework. Available at https://github.com/infosecb/detection-engineering-ai-maturity. Licensed under CC BY-SA 4.0.