Gradual Capability Escalation via Incremental Introduction - ATR-2026-00093 (a9846f3f-9a2f-5e0d-af81-7650645141fe)
Detects attacks that use gradual, sub-threshold capability introductions to evade behavioral fingerprinting and whitelist-based security systems. Attackers incrementally expand agent permissions, register small capability additions across version updates, or slowly shift the behavioral baseline to normalize malicious functionality.