Your agent reads web pages, emails, and API responses. Any of those can contain hidden instructions it will follow.

mlayer-guard

Prompt injection detection for AI agents.

One API call. Any LLM you already have. 98% detection on agent attacks. Zero false positives. Free.

Benchmark Results

98% attack detection (InjecAgent, N=300; only detector with published scores on this benchmark)
100% benign pass rate (Deepset, N=343; zero false positives)
94.1% on real conversations (WildGuard, N=971)

Tested on InjecAgent (ACL 2024), NotInject (ACL 2025), WildGuard, and Deepset. All public datasets.

How It Works

Every tool call is a potential injection point. Browsing a webpage, reading an email, calling an API — any of these can contain hidden instructions your agent will follow.

Tool Output → mlayer-guard → Safe? → Agent Acts

Setup

No account required during beta.

cp -r mlayer-guard ~/.openclaw/skills/mlayer-guard
export MLAYER_GUARD_URL="https://hidylan.ai/v1/injection-check"
export OPENAI_API_KEY="your-key"

Restart your OpenClaw agent. The skill activates automatically.

Works with any agent framework. Just make an HTTP POST.

curl -X POST https://hidylan.ai/v1/injection-check \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your-llm-api-key" \
  -d '{
    "system_prompt": "You are a helpful assistant.",
    "retrieved_docs": [{
      "doc_id": "tool_output",
      "content": "content to check for injection",
      "source": "web",
      "trust_tier": "untrusted"
    }]
  }'

The response is {status: 'safe'} or {status: 'blocked'}. Add this check after any tool call that returns external content, before the agent acts on that content.
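Added example, not code from the mlayer-guard project: a small Python wrapper that an agent framework can call after each tool invocation. The endpoint, headers and request fields are the ones shown in the curl command above; the response shape {"status": "safe" | "blocked"} is assumed from the description, and the helper fails closed (treats anything other than an explicit "safe" as blocked, including a timeout or unreachable service). The network call is isolated behind a `send` parameter so the request building and decision logic can be exercised offline.

```python
"""Screen tool output through the mlayer-guard endpoint before an agent acts on it.

Endpoint, headers and request fields follow the page's curl example.
Assumption (not confirmed by the page): the reply is JSON with a top-level
"status" key whose value is "safe" or "blocked".
"""
import json
import os
import urllib.request
from typing import Callable, Dict

GUARD_URL = os.environ.get("MLAYER_GUARD_URL", "https://hidylan.ai/v1/injection-check")


def build_check_request(system_prompt: str, content: str, source: str = "web",
                        doc_id: str = "tool_output", trust_tier: str = "untrusted") -> Dict:
    """Build the JSON body in exactly the shape shown in the page's curl example."""
    return {
        "system_prompt": system_prompt,
        "retrieved_docs": [{
            "doc_id": doc_id,
            "content": content,
            "source": source,
            "trust_tier": trust_tier,
        }],
    }


def is_blocked(response_body: Dict) -> bool:
    """Fail closed: only an explicit 'safe' verdict lets content through."""
    return response_body.get("status") != "safe"


def post_json(url: str, headers: Dict[str, str], body: Dict, timeout: float = 10.0) -> Dict:
    """Default transport: POST the body as JSON and parse the JSON reply."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST", headers=headers,
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read())


def check_tool_output(content: str, system_prompt: str, api_key: str, source: str = "web",
                      send: Callable[[str, Dict[str, str], Dict], Dict] = post_json) -> bool:
    """Return True only if the guard explicitly reports the content as safe.

    A transport error, timeout or malformed reply is treated as 'blocked' so that
    an outage of the checker never silently disables it.
    """
    headers = {"Content-Type": "application/json", "X-API-Key": api_key}
    body = build_check_request(system_prompt, content, source)
    try:
        verdict = send(GUARD_URL, headers, body)
    except (OSError, ValueError):
        return False
    return not is_blocked(verdict)


def guarded(tool_fn: Callable, system_prompt: str, api_key: str, source: str = "web") -> Callable:
    """Wrap a tool callable so its output is screened before the agent ever sees it."""
    def wrapper(*args, **kwargs):
        output = tool_fn(*args, **kwargs)
        if check_tool_output(str(output), system_prompt, api_key, source):
            return output
        return "[tool output withheld: flagged as prompt injection]"
    return wrapper


if __name__ == "__main__":
    # Constructed sample: a fake web-fetch tool returning page text that the guard will screen.
    def fetch_page(url: str) -> str:
        return f"Constructed page body for {url}."

    safe_fetch = guarded(fetch_page, "You are a helpful assistant.",
                         os.environ.get("OPENAI_API_KEY", "your-llm-api-key"))
    print(safe_fetch("https://example.com/"))
```

Wrap every tool that returns external content (web fetch, email read, third-party API) with `guarded(...)` rather than screening only the ones that look risky; the page's point is that any of them is an injection point.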

Supported providers:

OpenAI, Groq, Together, Fireworks, Ollama

Pricing

Need more?

Higher limits, team support, and audit logs coming soon.
