Four Layers

CLAP defines what must be verified, not how. Any conforming implementation is CLAP-compliant.

01

Adapters

How tools connect. Standardized interfaces for attack tools (Garak, PyRIT), defense tools (NeMo Guardrails, LLM Guard), and analyzers (OWASP, MITRE ATLAS). Write a CLAP adapter in under 100 lines.

02

Verification

The trust layer. Every result passes through deduplication, breach classification, statistical verification (N≥3), semantic validation by LLM judge, and false positive checking. This is what makes CLAP more than a tool connector.

03

Orchestration

How the loop runs. Recon → attack → verify → remediate → deploy → re-verify → iterate. Confidence-based deployment: ≥0.90 auto-deploy, 0.70–0.90 monitored, <0.70 human-in-the-loop.

04

Certification

How patterns get published. Certified Remediation Patterns (CRPs) carry full verification provenance. CRP-2026-0147 means: this attack was reproduced, this defense blocks it, here's the proof.
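A sketch of how the Verification minimum (N≥3) and the Orchestration confidence thresholds above could be combined into one gate, added here as an illustration and not taken from the CLAP specification or any CLAP implementation. The page does not say how confidence is computed: the Wilson lower bound, the function names, and failing closed to human review when N<3 are all assumptions.

```python
import math

MIN_TRIALS = 3       # page: statistical verification requires N>=3
AUTO_DEPLOY = 0.90   # page: >=0.90 auto-deploy
MONITORED = 0.70     # page: 0.70-0.90 monitored, <0.70 human-in-the-loop


def wilson_lower_bound(successes, trials, z=1.96):
    """Lower end of the 95% Wilson score interval for a proportion.

    Assumption: used as the confidence score because it penalizes
    small sample sizes; the page does not define the metric.
    """
    if trials == 0:
        return 0.0
    p = successes / trials
    denom = 1 + z * z / trials
    centre = p + z * z / (2 * trials)
    margin = z * math.sqrt(p * (1 - p) / trials + z * z / (4 * trials * trials))
    return (centre - margin) / denom


def deployment_mode(confidence):
    """Map a confidence score to the page's three deployment modes."""
    if not 0.0 <= confidence <= 1.0:
        raise ValueError("confidence must be in [0, 1]")
    if confidence >= AUTO_DEPLOY:
        return "auto-deploy"
    if confidence >= MONITORED:
        return "monitored"
    return "human-in-the-loop"


def gate(blocked_trials):
    """blocked_trials: one bool per replay of the attack against the defense."""
    n = len(blocked_trials)
    if n < MIN_TRIALS:
        # Assumption: too few trials fails closed to human review.
        return {"verified": False, "confidence": None,
                "mode": "human-in-the-loop"}
    blocked = sum(1 for b in blocked_trials if b)
    confidence = wilson_lower_bound(blocked, n)
    return {"verified": True, "confidence": confidence,
            "mode": deployment_mode(confidence)}


if __name__ == "__main__":
    for n in (2, 3, 9, 35):   # constructed runs where every replay is blocked
        print(n, gate([True] * n))
```

Under this assumed metric, three clean replays satisfy N≥3 but score only about 0.44, so the defense still routes to human review; it takes 9 consecutive blocks to reach the monitored tier and 35 to auto-deploy.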


CRP Schema

# Certified Remediation Pattern
crp_id: CRP-2026-0147
attack:
  class: phrasing.PastTense
  reproduction_rate: 0.95
  models_tested: [llama-3.3-70b, phi-4-14b]
defense:
  tier: 2 (distilled classifier)
  verified_block_rate: 0.88
  false_positive_rate: 0.02
frameworks:
  - OWASP LLM09: Misinformation
  - MITRE ATLAS: AML.T0054
  - NIST AI RMF: GV-1.2

CLAP specification v1.0 — Apache 2.0 License
