GAUNTLEX, described in two developer posts, aims to measure and enforce the security of AI-generated code earlier in the development pipeline—by testing the specification used to generate that code. The system is built around an Adversarial Resilience Score (ARS), defined as the average of results from multiple adversarial attacks fired at the generated output. Each attack is independently scored as 1.0 for fully mitigated, 0.5 for partially bypassable or incomplete defenses, and 0.0 for missed defenses where the attack succeeds. ARS ranges from 0.0 to 1.0 and is computed as the sum of attack scores divided by the number of attacks run (5 in quick mode, 20 in standard, and 50 in thorough).

The posts also explain the underlying workflow: a Builder agent implements a spec, while a Breaker agent derives an adversarial test suite from the same spec without seeing the Builder’s code. Afterward, an Arbiter evaluates how well defenses held. A configurable minimum ARS threshold (default 0.80) gates merges in CI. Reports include audit-friendly elements such as CWE mappings and compliance-control associations (e.g., NIST SSDF, OWASP SAMM, SOC 2, ISO 27001), and a SHA-256 hash to verify that results are not altered post-generation.