
AI Attack Planning

The AI Attack Planner generates a detailed, structured engagement plan tailored to your target. It takes your scope (in-scope MITRE techniques) and produces a step-by-step attack plan written in markdown — ready to guide your team through the engagement.


Before You Start

AI Attack Planning requires:

  1. An active profile (engagement)
  2. At least one technique marked as in scope in the MITRE Navigator

If you haven't defined scope yet, go to AI Scope Suggestions first.


Generating an Attack Plan

  1. Open your engagement and go to AI Features → Attack Planning
  2. Choose the framework:
    • MITRE ATT&CK — for standard red team engagements
    • MITRE ATLAS — for AI/ML system assessments
  3. Add a target description to give the AI more context about what you're testing
  4. Click Generate Plan
  5. Wait for the AI to generate your plan (typically 20–60 seconds)

The generated plan will include:

  • An executive summary of the engagement approach
  • Phase-by-phase breakdown (Reconnaissance → Initial Access → Lateral Movement → etc.)
  • Specific techniques mapped to each phase (from your in-scope list)
  • Suggested tools and methods for each technique
  • Notes on what to look for / what to document

Understanding Your Generated Plan

The plan is presented as formatted markdown. Here's what a typical section looks like:

## Phase 1 — Reconnaissance

### Objective
Gather information about the target to identify attack vectors.

### Techniques
- **T1595 — Active Scanning**: Use nmap to identify open ports and services
- **T1592 — Gather Victim Host Information**: Enumerate OS versions and software

### Tools
- nmap, masscan, shodan

### Notes
Document all open ports and services found. Pay special attention to
unusual ports or services that shouldn't be externally exposed.

Refining Your Plan

The AI Attack Planner supports iterative refinement — you can provide feedback and the AI will update the plan while keeping the context of previous versions.

To refine a plan:

  1. Review the generated plan
  2. Click Refine Plan
  3. In the feedback box, describe what you want to change:
    • "Add more focus on credential harvesting techniques"
    • "Remove cloud-related techniques — the target has no cloud infrastructure"
    • "Expand the lateral movement section with more specific Windows techniques"
  4. Click Submit Refinement

The plan is updated while tracking the version history. You can see how the plan evolved across refinements.


Version History

Each time you refine the plan, a new version is saved. You can:

  • Review previous versions
  • See what feedback triggered each refinement
  • Compare changes between versions

ATLAS Attack Plans

For ATLAS engagements (AI/ML targets), the planner generates an AI-specific attack plan:

  • Covers AI attack phases (reconnaissance → model access → adversarial attacks → impact)
  • References specific ATLAS techniques
  • Includes AI-specific tools and attack patterns

Generate an ATLAS plan the same way — just select MITRE ATLAS as the framework.


Saving and Sharing Plans

Generated plans are automatically saved to your engagement. You can:

  • Copy the plan to your clipboard
  • Download the plan as a .md file
  • Reference it at any time from the AI Features section
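
Because the downloaded plan is plain markdown, it can be checked against the engagement scope before the team works from it. The script below is an added example, not part of the product: it assumes the plan follows the layout of the sample section shown earlier (phases as `## ` headings, technique IDs in the bullets) and that the in-scope IDs are supplied by hand, and all function names and sample data are hypothetical.

```python
import re

# ATT&CK IDs look like T1595 or T1059.001; ATLAS IDs add an "AML." prefix.
TECH_ID = re.compile(r"\b(?:AML\.)?T\d{4}(?:\.\d{3})?\b")
PHASE = re.compile(r"^##\s+(.+?)\s*$")  # "## Phase 1 ..." but not "### Objective"

def techniques_by_phase(plan_md):
    """Map each '## ' phase heading to the technique IDs cited under it."""
    phases, current = {}, "(no phase heading)"
    for line in plan_md.splitlines():
        heading = PHASE.match(line)
        if heading:
            current = heading.group(1)
            phases.setdefault(current, [])
            continue
        for tid in TECH_ID.findall(line):
            if tid not in phases.setdefault(current, []):
                phases[current].append(tid)
    return phases

def out_of_scope(plan_md, in_scope):
    """Technique IDs the plan cites that are absent from the scope, per phase."""
    allowed = set(in_scope)  # exact match: a parent ID does not cover its sub-techniques
    hits = {p: [t for t in ids if t not in allowed]
            for p, ids in techniques_by_phase(plan_md).items()}
    return {p: ids for p, ids in hits.items() if ids}

def unplanned(plan_md, in_scope):
    """In-scope technique IDs that the plan never mentions."""
    cited = {t for ids in techniques_by_phase(plan_md).values() for t in ids}
    return sorted(set(in_scope) - cited)

# Constructed sample: phase 1 follows the section shown on this page, phase 2 is made up.
SAMPLE_PLAN = """\
## Phase 1 - Reconnaissance
### Techniques
- **T1595 - Active Scanning**: ...
- **T1592 - Gather Victim Host Information**: ...
## Phase 2 - Initial Access
### Techniques
- **T1078 - Valid Accounts**: ...
- **T1566.001 - Spearphishing Attachment**: ...
"""
SAMPLE_SCOPE = ["T1595", "T1592", "T1078", "T1021"]  # constructed in-scope list

if __name__ == "__main__":
    print("out of scope:", out_of_scope(SAMPLE_PLAN, SAMPLE_SCOPE))
    print("in scope but unplanned:", unplanned(SAMPLE_PLAN, SAMPLE_SCOPE))
```

Running the same check on each refined version shows whether a refinement pulled in a technique that was never marked in scope.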

Tips for Better Plans

  • More scope = better plans — the more in-scope techniques you have, the richer the plan
  • Detailed target description = more relevant techniques — mention the OS, services, and architecture
  • Use refinement — don't expect perfection on the first generate; refine iteratively
  • Cross-reference the navigator — use the plan alongside the navigator to stay on track
