feat(knowledge): add MITRE ATLAS IDs to OWASP files + Norwegian regulatory context

Kjell Tore Guttormsen 2026-04-10 12:49:10 +02:00
commit e2c8924074
8 changed files with 301 additions and 30 deletions


@ -10,6 +10,8 @@ Source: https://genai.owasp.org/llm-top-10/ — OWASP GenAI Security Project v20
## LLM01 — Prompt Injection
**MITRE ATLAS:** AML.T0051 (LLM Prompt Injection)
**Risk:** Attackers manipulate LLM behavior by crafting inputs that override system
instructions, bypass guardrails, or cause the model to execute unintended actions.
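Review bot: The new `**MITRE ATLAS:**` line cites an ID without saying which ATLAS version it comes from, while the file's source line pins the OWASP list to a specific version; since ATLAS IDs are added and reorganized between releases, consider adding one "MITRE ATLAS version/URL" line next to the existing `Source:` line so readers can verify every ID in this file. For this entry specifically, AML.T0051 has direct and indirect sub-techniques in recent ATLAS versions, and the indirect variant (injection via retrieved documents, tool output, or web content) is the one most relevant to agent deployments; citing the sub-technique would make the mapping more precise.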
@ -63,6 +65,8 @@ instructions, bypass guardrails, or cause the model to execute unintended action
## LLM02 — Sensitive Information Disclosure
**MITRE ATLAS:** AML.T0024 (Exfiltration via ML Inference API)
**Risk:** LLMs unintentionally expose private, proprietary, or credential data through
outputs, memorized training content, or cross-session leakage.
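Review bot: AML.T0024 is reused verbatim for LLM07 later in this same diff, so two OWASP categories now map to one ATLAS technique with no qualifier; if the mapping is meant to be used for correlation or reporting, add a short parenthetical here (e.g. "memorized training data / inference-time extraction") so the two entries are distinguishable. Note also that "cross-session leakage" in the Risk text is an application-layer isolation bug rather than inference-API exfiltration, so the ID covers only part of this entry; stating that the mapping is partial would avoid overclaiming.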
@ -113,6 +117,8 @@ outputs, memorized training content, or cross-session leakage.
## LLM03 — Supply Chain Vulnerabilities
**MITRE ATLAS:** AML.T0010 (ML Supply Chain Compromise)
**Risk:** Compromised third-party models, datasets, plugins, MCP servers, or
dependencies introduce backdoors, malicious behavior, or known vulnerabilities.
@ -161,6 +167,8 @@ dependencies introduce backdoors, malicious behavior, or known vulnerabilities.
## LLM04 — Data and Model Poisoning
**MITRE ATLAS:** AML.T0020 (Poison Training Data), AML.T0018 (Backdoor ML Model)
**Risk:** Malicious or accidental contamination of training data, fine-tuning datasets,
RAG knowledge bases, or embeddings degrades model behavior or introduces backdoors.
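Review bot: Both cited IDs (AML.T0020, AML.T0018) describe training-time compromise, but the Risk text also covers RAG knowledge bases and embeddings, which are poisoned at runtime without touching the model weights; if the ATLAS version the file pins has a distinct RAG or retrieval-poisoning technique, cite it here, otherwise mark the runtime-poisoning part of this entry as not covered by the listed IDs.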
@ -208,6 +216,8 @@ RAG knowledge bases, or embeddings degrades model behavior or introduces backdoo
## LLM05 — Improper Output Handling
**MITRE ATLAS:** AML.T0043 (Craft Adversarial Data)
**Risk:** LLM-generated output is passed to downstream systems without adequate
validation or sanitization, enabling injection attacks, privilege escalation, or
unintended side effects.
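Review bot: Mapping LLM05 to AML.T0043 (Craft Adversarial Data) looks like a mismatch: that technique describes an adversary constructing inputs to evade or manipulate a model, whereas Improper Output Handling is a downstream-sink problem (model output reaching a shell, SQL, HTML, or tool call without validation), which is classic injection territory rather than adversarial-example crafting. Suggest either dropping the ID and noting "no direct ATLAS equivalent; see CWE injection classes", or keeping it with an explicit "(approximate)" qualifier so the file does not present a loose analogy as a mapping.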
@ -262,6 +272,8 @@ unintended side effects.
## LLM06 — Excessive Agency
**MITRE ATLAS:** AML.T0061 (AI Agent Tools)
**Risk:** LLMs granted excessive functionality, permissions, or autonomy take
unintended high-impact actions with real-world consequences.
@ -317,6 +329,8 @@ unintended high-impact actions with real-world consequences.
## LLM07 — System Prompt Leakage
**MITRE ATLAS:** AML.T0024 (Exfiltration via ML Inference API)
**Risk:** Internal system prompts containing sensitive instructions, credentials, or
behavioral guardrails are exposed to users or attackers, enabling bypass or
credential theft.
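Review bot: This is the second entry in the diff mapped to AML.T0024 (see LLM02 above) with identical wording, so the ATLAS column cannot tell the two apart; for LLM07 the exfiltrated object is the system prompt itself, which is closer to reconnaissance/discovery of the deployment's configuration than to extraction of training data or model behaviour. Suggest qualifying the line (e.g. "partial; system prompt disclosure") or listing a more specific technique if the pinned ATLAS version has one, and adding a "see also LLM02" cross-reference.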
@ -368,6 +382,8 @@ credential theft.
## LLM08 — Vector and Embedding Weaknesses
**MITRE ATLAS:** AML.T0020 (Poison Training Data), AML.T0019 (Publish Poisoned Datasets)
**Risk:** Vulnerabilities in how embeddings are generated, stored, or retrieved allow
unauthorized data access, information leakage, or manipulation of RAG-based agent
behavior.
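Review bot: AML.T0020 appears here and under LLM04, and AML.T0019 (Publish Poisoned Datasets) covers only the poisoning half of this entry; the Risk text's first two outcomes, unauthorized data access and information leakage from a shared vector store, are access-control failures that neither ID describes. Consider splitting the line into "poisoning: AML.T0020/AML.T0019" and "access control / leakage: no direct ATLAS technique" so a reader does not assume the whole category is covered.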
@ -421,6 +437,8 @@ behavior.
## LLM09 — Misinformation
**MITRE ATLAS:** AML.T0031 (Erode ML Model Integrity)
**Risk:** LLMs generate plausible but factually incorrect outputs (hallucinations) that
are acted upon without verification, leading to incorrect decisions, security bypasses,
or dependency on non-existent resources.
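Review bot: AML.T0031 is an adversary-driven impact technique, while the Risk text here is mostly about non-adversarial hallucination, so the mapping only holds when an attacker is deliberately degrading outputs; a one-word qualifier ("impact, when adversary-induced") would make that scope clear. The last clause, "dependency on non-existent resources" (hallucinated package or resource names), overlaps directly with LLM03 Supply Chain and AML.T0010 cited earlier in this diff; a cross-reference to LLM03 would keep the two entries consistent.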
@ -475,6 +493,8 @@ or dependency on non-existent resources.
## LLM10 — Unbounded Consumption
**MITRE ATLAS:** AML.T0029 (Denial of ML Service), AML.T0034 (Cost Harvesting)
**Risk:** Uncontrolled resource usage by LLM applications enables denial of service,
financial exploitation via excessive API costs, or unauthorized model capability
extraction through systematic querying.
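Review bot: AML.T0029 and AML.T0034 cover the denial-of-service and cost halves of the Risk text, but the third outcome, "model capability extraction through systematic querying", is an exfiltration technique rather than consumption, and in ATLAS it sits under the AML.T0024 family already cited for LLM02; add that ID (or the extract-model sub-technique, if the pinned version lists it) here, or drop the extraction clause from this entry's Risk text so the IDs and the description agree.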