Glossary · Term

ClawTrojan

← all terms

Definition

Plain language

A test suite of multi-step attacks where each individual step looks harmless but the whole sequence is malicious.

As stated in the literature

A benchmark of runnable attack chains against agent harnesses, where early steps poison persistent workspace state and later innocent-looking steps activate it; each chain is validated by confirming every malicious step actually fires against real models.

Why it matters: It exposes attacks that no single step would reveal, helping defenders test whether their safeguards catch threats that unfold across many actions.

For example, one attack chain has an agent save a poisoned note early on, then a later harmless-looking request quietly triggers that note to cause harm.

Mentioned in 1 episode

  1. 105
    The Trojan Is Your Agent's Memory: Why Single-Step Defenses Miss Persistent Attacks

Related terms