Threat Taxonomy

Arrakis maintains a proprietary threat catalog of 42+ codes organized into three tiers: infrastructure and configuration weaknesses, adversarial behavioral exploits, and runtime boundary violations. Each code maps to a security domain for risk scoring.

The taxonomy is purpose-built for autonomous AI agents, covering attack vectors from supply chain compromise to multi-turn conversational attacks to runtime capability drift. Traditional application security taxonomies focus on human-driven software vulnerabilities. The Arrakis catalog extends into territory unique to autonomous agents: tool-use supply chains, inter-agent coordination risks, and emergent behavioral patterns.

The tier number reflects the detection approach (static vs. behavioral vs. runtime), not severity. A Tier 1 misconfiguration can be just as critical as a Tier 2 adversarial attack. Severity is assigned per alert instance, not per tier. Every code in the catalog addresses a risk that is specific to or amplified by autonomous AI agents.

The full threat catalog is available to Arrakis customers.