What is AARM?
Autonomous Action Runtime Management (AARM) is a security and governance layer for systems where AI doesn’t just generate text — it takes actions (API calls, tool invocations, database writes, tickets, emails, code changes, etc.). AARM focuses on the invariant: runtime execution of actions.
Read the Blueprint
The core concepts, reference architecture, and design goals.
Quickstart
Implement AARM patterns in your stack in under an hour.
Why AARM exists
Traditional security stacks are great at events. But AI systems introduce a new primary risk surface: actions. AARM is built for:
- Policy enforcement in-line (allow/deny/modify)
- Parameter constraints (schemas, allowlists, scoping)
- Step-up approvals for high-risk operations
- Action receipts (tamper-evident audit trail)
- Effect capture (what changed, not just what was called)
AARM vs. SIEM
SIEM was for events. AARM is for actions.
Core building blocks
Control Plane
Central policy + identity + approvals for autonomous actions.
Runtime Enforcement
Inline allow/deny, parameter shaping, rate limits, and sandboxing.
Action Telemetry
Structured action events that plug into SIEM/SOAR.
Action Receipts
Signed records binding request, decision, result, and context.
Approvals
Step-up controls for sensitive operations (4-eyes, break-glass).
Effect Capture
Track downstream state changes (diffs, IDs, commits, row-level logs).
Start implementing
Reference Architecture
The canonical AARM components and data flows.
Policy Model
Action-centric policies: type, target, data class, context, control.
Threat Model
Prompt injection, compromised tools, over-privileged creds, data egress.
Patterns & Recipes
Practical patterns: tool gateways, scoped tokens, approval flows, receipts.
Contribute
AARM is an open source effort. If you’re building agentic systems, tool servers, or governance layers, you can help shape the standard.
Contributing Guide
Propose changes, add patterns, and share implementation notes.