Glossary · Term

shadow workspace

← all terms

Definition

Plain language

A scratch copy where an AI agent's risky edit is tried out and cleaned before it touches the real files.

As stated in the literature

In DASGuard, a sandboxed duplicate where a proposed file write is applied and the changed spans scanned, so a sanitized version can be committed to the real workspace rather than blocked outright.

Why it matters: It lets a defense fix a risky edit and keep the safe parts rather than blocking the whole action, so security doesn't come at the cost of usefulness.

For example, before letting an agent overwrite a real document, the system applies the change in a throwaway copy first to inspect and clean it.

Heard on the show

“It uses what they call a shadow workspace: it applies the proposed edit to a shadow copy first, scans just the changed parts, and then commits a cleaned version to the real workspace.”
Episode 105 — The Trojan Is Your Agent's Memory: Why Single-Step Defenses Miss Persistent Attacks

Mentioned in 1 episode

  1. 105
    The Trojan Is Your Agent's Memory: Why Single-Step Defenses Miss Persistent Attacks

Related terms