Frameworks
Probe Six maps its security assessment findings to recognised compliance and governance frameworks. Each assessment report includes references that trace findings back to specific framework controls, giving your team and auditors an evidence trail.
The frameworks below are all referenced in our assessment reports. Dedicated documentation pages — explaining how our test methodology aligns with each framework — are being added progressively.
NIST AI Risk Management Framework
How Probe Six assesses AI systems against the NIST AI RMF (AI 100-1). 19 assessment categories across all four functions (Govern, Map, Measure, Manage), 58 automated plugins for testable subcategories, and 91 governance questions covering 72 subcategories.
OWASP Top 10 for LLMs
The Open Worldwide Application Security Project's top 10 most critical vulnerabilities for LLM applications, including prompt injection, insecure output handling, and training data poisoning. Probe Six maps 146 automated security plugins across all 10 OWASP categories with 69 governance assessment questions.
OWASP Top 10 for Agentic AI
OWASP's emerging guidance specifically for agentic AI applications — systems that use tool calling, multi-step reasoning, and autonomous actions. Probe Six's agentic template maps directly to these risks.
MITRE ATLAS
Adversarial Threat Landscape for AI Systems. A knowledge base of adversarial tactics and techniques specific to AI/ML systems, modelled on the MITRE ATT&CK framework. Probe Six maps 146 automated security plugins across 16 ATLAS tactics, with governance assessments for techniques that require infrastructure-level review.
EU AI Act
The European Union's regulation on artificial intelligence. Establishes obligations for AI systems based on risk classification, with requirements for transparency, human oversight, accuracy, and robustness. Probe Six's EU AI Act template tests against these requirements.
ISO/IEC 42001
The international standard for AI Management Systems (AIMS). 38 Annex A controls across 9 domains, management system clauses 4-10, automated adversarial testing for testable controls, and structured governance questionnaires. Finding references in Probe Six reports include relevant ISO 42001 control IDs.
Equality Act 2010
UK legislation protecting against discrimination on the basis of protected characteristics including race, gender, age, disability, and religion. Probe Six's bias testing categories are aligned to these characteristics.
All frameworks are referenced in reports now. Dedicated documentation pages explaining the full methodology alignment are being added. In the meantime, each assessment report includes framework-specific references for every finding — OWASP codes, MITRE ATLAS techniques, EU AI Act articles, and ISO 42001 clauses as applicable.