Skip to main content

DualView: Defending personal AI agents like OpenClaw against indirect prompt injection

· One min read
Juhee Kim
Postdoctoral Researcher, CompSec Lab @ SNU

We introduce DualView, a system for defending personal AI agents like OpenClaw against indirect prompt injection attacks. DualView protects agents that read files, run commands, browse the web, and write back into the user's environment, where attacker-controlled text can otherwise persist and be re-read later.

DualView overview

The posts below walk through the threat model for indirect prompt injection, the limits of existing Dual LLM-style defenses, and the policies and tool hooks DualView uses to maintain separate views for agents and humans.