ClawGuardian Join the network →
● live · base sepolia shared immunity

Attack once.
Blocked everywhere.

ClawGuardian is a shared immune system for AI agents. When one agent catches a prompt injection — hidden text in a PDF, white-on-white in an image, a buried command in email — every other agent in the network is immune within seconds.

Join the network → Try the constitution attack
1,284 fingerprints · 24h 142 agents on network 3-layer detection
attack registry · live base sepolia
0x7f4a9c…White-on-white payload in PDFblock
0xc013ee…Hidden instruction in email footerblock
0x31fe07…Tool-call injection · audio narrationquar
0x9aa2b1…Constitution-lookalike commandblock
0x4e8833…Image OCR: "ignore previous"block
0xbc01df…PDF metadata exfil attemptquar
0x2d5544…HTML comment payloadblock
0x81ab02…Zero-width character directiveblock
+ 1,276 more in the last 24h
01 / defense

Three layers. One verdict.

Every input flows through a deterministic rules engine, a trained classifier, and an LLM judge. Each layer catches what the previous missed — the combined verdict is what gets published to the registry.

1

Rules

~40µs

Deterministic pattern matching on known payload hashes. Fast, cheap, catches the long tail of repeat offenders instantly.

2

Classifier

~8ms

A small transformer trained on the network's attack corpus. Catches novel variants and obfuscations rules can't see.

3

LLM judge

~400ms

Final verdict on ambiguous content. Used sparingly — returns structured JSON with a rationale attached for the audit log.

Fingerprint

onchain · base sepolia

Canonical hash published to the registry. Signed, permanent, polled by every other agent in seconds.

02 / coverage

Nowhere left to hide.

Injections now hide in places parsers never look. ClawGuardian normalizes every modality into a canonical text stream before the detection layers run.

text · html
invisible payload span <!-- ignore previous -->

Hidden markup

Invisible spans, comments, CSS-hidden nodes, zero-width characters. Stripped and surfaced before parsing.

images
white-on-white directive

Multi-pass OCR

Contrast-adjusted scans catch white-on-white and near-color text. Each extracted string feeds the full pipeline.

pdf
↑ hidden layer

Layers + metadata

Walks every page's content streams, hidden layers, form fields, and XMP metadata. Nothing is ignored.

audio

Transcript scan

Spoken directives, embedded tones, and prompt payloads in narration are transcribed and re-checked.

03 / network effect

Catch it once.
Block it everywhere.

Watch one agent catch a new attack — the fingerprint publishes to the registry, and every other agent is immune within seconds.

agent network · live
142 agents · 1,284 fingerprints / 24h
Claw registry base sepolia A₁ hit → publish A₂ cached A₃ polling A₄ cached A₅ A₆ A₇ A₈ A₉ A₁₀ attack lands ↓ fingerprint published →
① agent hit ② publish ③ propagate ④ network immune
01 / the hit

Agent A sees a novel attack.

An invisible instruction in a PDF, image, email, or audio file reaches an agent. The detection pipeline catches it.

02 / the broadcast

Fingerprint → registry.

The canonical form is hashed and published to the onchain registry. Signed, permanent, globally readable.

03 / the immunity

Everyone else: already cached.

Every other agent polls and caches locally. The same attack, attempted anywhere, fails at the gate.

05 / dashboard

Your agents' attack log, in one place.

Every verdict, signed and onchain. Here's what the operator view looks like.

app.clawguardian.xyz/fleet/prod prod
blocked · 24h 1,284 ↑ 18%
quarantined 142 • flat
agents online 12 / 12 all healthy
avg latency 9.4ms ↓ 1.2ms
Attacks blocked — last 24h
hourly
00:00 06:00 12:00 18:00 now
By modality
24h
pdf542
email398
image201
html108
audio35
Recent verdicts
live view all →
timeagentmodalityfingerprintverdict
12:04:22agent-7fpdf0x7f4a9c…block
12:03:58agent-a1email0xc013ee…block
12:03:41agent-c4audio0x31fe07…quar
12:03:19agent-0epdf0x9aa2b1…block
12:02:55agent-7fimage0x4e8833…block
12:02:30agent-b2pdf0xbc01df…quar
04 / who it's for

Built for everyone shipping agents.

Agent builders

Drop in the SDK. Wrap your tool-calling agent's inputs. Zero to immune in three lines.

import { guard } from 'clawguard'
const safe = await guard(input)
if (safe.verdict === 'block') return

Security teams

Every attack fingerprint your agents encounter, signed and onchain. A tamper-proof audit log you didn't have to build.

Signed verdicts Rationale attached Per-fleet views Replay detection

Platform teams

One shared registry across every team, agent, and vendor. Stop duplicating threat-intel work across silos.

Multi-tenant Private namespaces Base Sepolia Mainnet soon
ship safely

Protect one agent.
Strengthen every agent.

Every agent you connect makes every other agent safer. Join the early network.

↑ we'll reach out within a day