Definition
Plain language
A safety wrapper that stops an AI agent's memory from being quietly poisoned, by tracking where each instruction came from.
As stated in the literature
A Detect-Attribute-Sanitize defense for agent harnesses that flags control-bearing spans, traces them to their source via a content-source graph, and sanitizes reversible file writes in a shadow workspace while blocking irreversible external actions.
Why it matters: It keeps an agent's memory and files from being secretly poisoned, which is what stands between a helpful assistant and one quietly hijacked by hidden instructions.
For example, when an agent tries to overwrite a config file with content traced back to an untrusted web page, this wrapper tests the change in a safe copy and cleans it before allowing it.
Heard on the show
“So the defense is called DASGuard, and the name is the recipe: Detect, Attribute, Sanitize.”Episode 105 — The Trojan Is Your Agent's Memory: Why Single-Step Defenses Miss Persistent Attacks