ClawLess: A Security Model of AI Agents

ClawLess addresses a critical 'trust gap' in the agentic AI landscape by moving security from probabilistic methods (prompt engineering/system instructions) to deterministic guarantees (formal verification). Its defensibility score of 4 reflects its current state as a very early-stage academic project (0 stars, 4 forks, 10 days old) with no market traction, despite the high technical barrier of formal methods. The 'ClawLess' name (likely a play on Anthropic's Claude) signals a focus on mitigating risks in frontier-class models. Competitive Pressure: While startups like Lasso Security and Robust Intelligence focus on firewalling and monitoring, ClawLess attempts a more fundamental architectural approach. However, frontier labs like OpenAI (with 'Preparedness' teams) and cloud providers like AWS (with Guardrails for Bedrock) are the primary threats; they are likely to integrate similar formal or semi-formal policy enforcement directly into the model runtime or orchestration layer. Moat Analysis: The moat is currently purely intellectual/mathematical (the formal policy templates). To reach a higher score, the project would need to evolve into a developer-friendly library that abstracts the complexity of formal logic, which is notoriously difficult for non-specialists. The displacement horizon is 1-2 years as production-grade agent runtimes (like LangGraph or AutoGen) begin to standardize their security posture.