If Zero Trust is the "mindset" and OWASP is the "bug-list," the MITRE Frameworks are the "Adversary Encyclopedia." In 2026, MITRE doesn't just track how hackers break into Windows; it tracks how they manipulate AI, hijack autonomous drones, and "poison" the data schools and community groups rely on.
ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is the world's most widely used framework for describing how cyberattacks unfold: each Tactic is the attacker's goal (Initial Access, Credential Access, and so on) and each Technique is a way of reaching that goal.
The 2026 Shift: In late 2025, MITRE released ATT&CK v18, which replaced the static "Data Sources" with Detection Strategies and their Analytics. A Detection Strategy describes the observable behavior to look for; each Analytic ties that behavior to concrete log sources. The emphasis is on what an attacker is doing, not on which software they happen to be using.
Relevance for You: If a political activist's account is compromised, ATT&CK gives your security team a shared vocabulary for how the attacker got in, for example Spearphishing Link (Initial Access, T1566.002) versus Steal Web Session Cookie (Credential Access, T1539). The distinction matters for the response: a phished password is closed off by a reset and MFA, while a stolen session cookie bypasses both until the session itself is revoked.
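As an added example (not MITRE's code and not part of the original page), here is a small v18-style Detection Strategy for T1539, Steal Web Session Cookie, run over a constructed set of web-application session events. The log layout, host names and IP addresses are assumptions made for the example; the analytic itself is the behavior a replayed stolen cookie leaves behind, whatever tool the attacker used.

```python
"""Detection Strategy (added example, not MITRE's code) for ATT&CK T1539,
Steal Web Session Cookie, tactic Credential Access.

Assumption: the application logs, for every request, the user, the session
id, the client IP and the user agent. A session that was created by a login
from one IP and browser and then appears from a *different* IP and a
*different* user agent, with no new login in between, is the trace of a
replayed stolen cookie. Requiring both fields to change keeps a phone
switching from Wi-Fi to mobile data from firing the alert."""
from dataclasses import dataclass
from datetime import datetime, timedelta

TECHNIQUE_ID = "T1539"
TACTIC = "Credential Access"


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    session_id: str
    src_ip: str
    user_agent: str
    action: str  # "login" or "request"


# Constructed sample log: alice logs in, then her session id is replayed
# 25 minutes later from another IP and another client; bob is normal traffic.
LOG = [
    Event(datetime(2026, 1, 12, 9, 0, 0), "alice", "s-7f3a", "203.0.113.10", "Firefox/128", "login"),
    Event(datetime(2026, 1, 12, 9, 5, 0), "alice", "s-7f3a", "203.0.113.10", "Firefox/128", "request"),
    Event(datetime(2026, 1, 12, 9, 25, 0), "alice", "s-7f3a", "198.51.100.7", "curl/8.5", "request"),
    Event(datetime(2026, 1, 12, 9, 30, 0), "bob", "s-11c2", "203.0.113.22", "Chrome/131", "login"),
    Event(datetime(2026, 1, 12, 9, 40, 0), "bob", "s-11c2", "203.0.113.22", "Chrome/131", "request"),
]


def detect_session_reuse(events, window=timedelta(hours=1)):
    """Analytic: return one alert per request whose session id was created
    by a login from a different IP *and* a different user agent within
    `window`. Each alert is
    (technique, tactic, user, session_id, login_ip, replay_ip)."""
    alerts = []
    origin = {}  # session_id -> (login time, login ip, login user agent)
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action == "login":
            # A fresh login re-anchors the session to the new client.
            origin[ev.session_id] = (ev.ts, ev.src_ip, ev.user_agent)
            continue
        if ev.session_id not in origin:
            continue  # no observed login for this session; outside this analytic
        t0, ip0, ua0 = origin[ev.session_id]
        if ev.ts - t0 <= window and ev.src_ip != ip0 and ev.user_agent != ua0:
            alerts.append((TECHNIQUE_ID, TACTIC, ev.user, ev.session_id, ip0, ev.src_ip))
    return alerts


if __name__ == "__main__":
    for alert in detect_session_reuse(LOG):
        print(alert)
```

Run it and the only alert is alice's session s-7f3a replayed from 198.51.100.7; bob's session never leaves its login client and stays silent. The response step the analytic implies is to revoke that session server-side rather than only resetting the password.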
For 2026, ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) is the most relevant framework for this training series. It maps attacks specifically against AI systems, using the same tactic-and-technique layout as ATT&CK, with technique IDs prefixed AML.T.
New 2026 Techniques (Updated Jan 2026):
AI Agent Clickbait (AML.T0100): Luring an AI-enabled browser into taking unintended actions (like copying malicious code) by exploiting how the agent "reads" a website.
AI Service API Hijacking (AML.T0096): Using legitimate OpenAI or Google Gemini APIs as a "covert command channel" to hide malicious traffic inside normal AI chatter.
Agent Tool Poisoning (AML.T0099): Placing a malicious file in a school's OneDrive, knowing the "Teacher's AI Assistant" will eventually read it through one of its tools and follow the instructions hidden inside (a form of indirect prompt injection: the attacker never talks to the model directly).
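The AI Service API Hijacking entry above describes an implant that hides its command channel inside ordinary-looking calls to a legitimate AI API. As an added example (not MITRE's or ATLAS's code, and not part of the original page), the following detection runs over a constructed web-proxy log and looks for the one thing such a channel cannot easily hide: an implant polls for tasks on a timer, so its requests arrive at near-constant intervals, while a person or an IDE plugin produces irregular bursts. The host names, client names and byte counts are assumptions made up for the example.

```python
"""Beacon detection over AI API traffic (added example, not MITRE's code),
for the behavior the page lists as AML.T0096, AI Service API Hijacking.

Assumption: the proxy logs one line per request as
    <ISO timestamp> <client> <destination host> <bytes sent>
Analytic: for each (client, AI API host) pair with enough requests, compute
the coefficient of variation (stdev / mean) of the gaps between requests.
A value near 0 means metronomic polling, the signature of a timed implant."""
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

AI_API_HOSTS = {"api.openai.com", "generativelanguage.googleapis.com"}

# Constructed sample log. lab-pc-07 polls every 60 s with 0-2 s of jitter;
# ide-plugin-host and teacher-laptop are bursty human-driven usage.
T0 = datetime(2026, 1, 12, 10, 0, 0)


def _line(offset_s, client, host, nbytes):
    return f"{(T0 + timedelta(seconds=offset_s)).isoformat()} {client} {host} {nbytes}"


SAMPLE_LINES = (
    [_line(60 * i + i % 3, "lab-pc-07", "api.openai.com", 800 + i) for i in range(12)]
    + [_line(o, "ide-plugin-host", "api.openai.com", 3000 + o)
       for o in (0, 5, 9, 70, 72, 300, 301, 900, 1800)]
    + [_line(o, "teacher-laptop", "generativelanguage.googleapis.com", 2000)
       for o in (12, 400, 950)]
)


def parse(lines):
    """Group (timestamp, bytes) per (client, host), keeping only AI API hosts."""
    by_client = defaultdict(list)
    for line in lines:
        ts, client, host, nbytes = line.split()
        if host in AI_API_HOSTS:
            by_client[(client, host)].append((datetime.fromisoformat(ts), int(nbytes)))
    return by_client


def beacon_score(timestamps):
    """Coefficient of variation of inter-arrival gaps; None if too few gaps."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None
    mean = statistics.mean(gaps)
    return statistics.pstdev(gaps) / mean if mean else None


def find_beacons(lines, min_requests=8, max_cv=0.1):
    """Return one finding per client/host pair that looks like timed polling."""
    findings = []
    for (client, host), recs in parse(lines).items():
        if len(recs) < min_requests:
            continue  # too little traffic to judge regularity
        cv = beacon_score([t for t, _ in recs])
        if cv is not None and cv <= max_cv:
            findings.append({"technique": "AML.T0096", "client": client, "host": host,
                             "requests": len(recs), "jitter_cv": round(cv, 3)})
    return findings


if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_LINES):
        print(finding)
```

On the sample, only lab-pc-07 is reported (twelve requests, jitter under 3 percent); ide-plugin-host sends more than the minimum but its gaps range from one second to fifteen minutes, and teacher-laptop never reaches the request threshold. Because the destination is a host you probably allow on purpose, the follow-up is to compare the client against the list of machines that are supposed to be using that API, not to block the API outright.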
While ATT&CK catalogues the "Offense," D3FEND catalogues the "Defense." It is a knowledge graph of defensive techniques, each linked to the ATT&CK techniques it counters.
The 2026 Update: Includes a major extension for OT (Operational Technology).
Practical Use: If you identify a risk in ATT&CK (e.g., credential theft through phishing), D3FEND points you to the specific class of countermeasure (e.g., Multi-Factor Authentication, including biometric factors, or inbound email filtering). It tells you which controls apply, not which one to buy; choosing and tuning them for your environment is still your job.
Updated for 2026, MITRE's EMB3D (Embedded Device Threat Model) is the specialized matrix for hardware and firmware. It starts from the properties a device has (its hardware, system software, application software and network exposure) and maps each property to the threats it enables and the mitigations that address them.
Why it matters: Community infrastructure (smart streetlights, school security cameras, or robotic kits in STEM labs) often has weak security. EMB3D helps you model threats to the "physical" side of your technology, before an attacker treats a camera or a streetlight as the easiest way onto your network.