ClawGuard: Out-of-Band Detection of LLM Agent Workflow Hijacking via EM Side Channel
Leo Linqian Gan (1), Jeffery Wu (1), Longyuan Ge (1), Lanqing Yang (1), Yonghao Song (1), Jingkai Zhang (1), Haojia Jin (1), Weiyi Wang (1), Guangtao Xue (1) ((1) Shanghai Jiao Tong University)

TL;DR
ClawGuard is a passive EM side-channel system that detects LLM agent workflow hijacking by analyzing electromagnetic emissions, offering a forge-resistant security method independent of host OS logs.
Contribution
It introduces a novel out-of-band EM sensing approach for detecting compromised LLM agent workflows; unlike defenses built on host-internal telemetry, its evidence cannot be forged by a compromised host OS.
Findings
Achieved 0.9945 AUC in detecting attacks
Detected attacks with 100% true-positive rate
False-positive rate was only 1.16%
Abstract
Autonomous LLM agents face a critical security risk known as workflow hijacking, where attackers subtly alter tool and skill invocations. Existing defenses rely on host-internal telemetry (such as audit logs), which can be forged if the host OS is compromised. To solve this, we introduce ClawGuard, a passive, out-of-band monitor that audits LLM-agent workflows using electromagnetic (EM) emanations. Because distinct agent skills create unique hardware usage patterns (computation, DRAM, network blocking), they emit measurable, macroscopic EM envelopes. External software-defined radios (SDRs) capture these physical signals. Using a drift-aware pipeline with 320-dimensional features, ClawGuard converts RF streams into physical evidence. Evaluated on a 7.82TB RF corpus, ClawGuard achieved an AUC of 0.9945, detecting attacks with a 100% true-positive rate and a 1.16% false-positive rate. This…
