ClawGuard: Out-of-Band Detection of LLM Agent Workflow Hijacking via EM Side Channel
It provides a forge-resistant physical security layer for LLM agents against workflow hijacking, addressing a critical vulnerability where host-internal telemetry can be compromised.
ClawGuard introduces a passive, out-of-band monitor using electromagnetic emanations to detect LLM agent workflow hijacking, achieving 100% true-positive rate and 1.16% false-positive rate on a 7.82TB RF corpus.
Autonomous LLM agents face a critical security risk known as workflow hijacking, where attackers subtly alter tool and skill invocations. Existing defenses rely on host-internal telemetry (such as audit logs), which can be forged if the host OS is compromised. To solve this, we introduce ClawGuard, a passive, out-of-band monitor that audits LLM-agent workflows using electromagnetic (EM) emanations. Because distinct agent skills create unique hardware usage patterns (computation, DRAM, network blocking), they emit measurable, macroscopic EM envelopes. External software-defined radios (SDRs) capture these physical signals. Using a drift-aware pipeline with 320-dimensional features, ClawGuard converts RF streams into physical evidence. Evaluated on a 7.82TB RF corpus, ClawGuard achieved an AUC of 0.9945, detecting attacks with a 100% true-positive rate and a 1.16% false-positive rate. This proves passive EM sensing is a practical, forge-resistant physical check against compromised host software.