DualView: Defending personal AI agents like OpenClaw against indirect prompt injection | CompSec
Skip to main content<br>We introduce DualView, a system for defending personal AI agents like OpenClaw against indirect prompt injection attacks. DualView protects agents that read files, run commands, browse the web, and write back into the user's environment, where attacker-controlled text can otherwise persist and be re-read later.
The posts below walk through the threat model for indirect prompt injection, the limits of existing Dual LLM-style defenses, and the policies and tool hooks DualView uses to maintain separate views for agents and humans.
Part 1: Indirect prompt injection attacks in personal AI agents, and how DualView defends against them
Part 2: How DualView classifies and controls untrusted data (to be published)
Part 3: How DualView gives agents a symbolized environment while humans keep the original one (to be published)