A security middleware for 'Claude Code' that uses a secondary, local LLM (Qwen 2.5 7B) to validate and enforce safety constraints on agentic actions before execution.
Stars: 0

Defensibility
ARIS addresses the critical 'agentic jailbreak' and 'hallucinated command' risks inherent in tool-using agents like Anthropic's Claude Code. While the dual-model enforcement architecture (using a smaller local model to police a larger frontier model) is a sound security pattern, this project currently presents as a day-zero personal experiment with no stars or forks. Its defensibility is extremely low because it wraps a specific third-party CLI (Claude Code), which leaves it fragile to upstream API changes and, more likely, to Anthropic integrating native guardrails. Competitors include established guardrail frameworks like NeMo Guardrails, Lakera, and Guardrails AI, which offer broader model support and more robust policy engines. Frontier labs are highly likely to internalize these security layers to make their 'computer use' capabilities enterprise-ready, leaving little room for third-party wrappers that add latency and local compute overhead (Qwen 7B) without a massive advantage in policy depth.
Integration: cli_tool