January 29, 2026

Introducing OG Personal: Guardrails for Your Personal AI Assistant

OpenGuardrails Team · Product Announcements · 6 min read · Product, Security, Open Source

Personal AI assistants are no longer toys.

Runtimes like OpenClaw (formerly Clawdbot / Moltbot) let agents:

  • Execute shell commands
  • Browse the web
  • Read and write local files
  • Send messages across Telegram, Discord, WhatsApp, and more

That power comes with a new class of risk — and most users have zero visibility into what their agents can actually do.

Today, we're introducing OG Personal, the personal edition of OpenGuardrails: the first guard agent designed specifically for personal AI assistants.

The Problem: Powerful Agents, Invisible Risk

Modern personal agents operate with real system access. But security today is implicit, fragile, and opaque:

  • Users don't know what assets are exposed
  • Prompt injection and tool abuse go unnoticed
  • Credential leakage happens silently
  • There's no audit trail when things go wrong

Security tooling has existed for enterprise AI — but not for individuals.

OG Personal changes that.

What Is OG Personal?

OG Personal runs as a local daemon alongside your assistant runtime.

It doesn't replace your agent. It watches, analyzes, and protects it in real time.

Core capabilities:

Observability

  • Agent inventory and session tracking
  • Asset discovery (files, credentials, tools, permissions)
  • Entry point mapping and blast radius analysis

Threat Detection

  • LLM-powered detection across 19 threat types
  • Prompt injection, system override, credential exposure
  • Malicious code, destructive file operations, data exfiltration

Controls

  • Safety rules with confirmation gates
  • Isolation and auto-blocking policies
  • Emergency pause and kill switches

Governance

  • Execution timeline replay
  • Structured audit logs
  • Risk scoring and historical trends

All designed for non-technical users, not security teams.

How It Works (High Level)

OG Personal integrates at the most critical layer: LLM input, output, and tool execution.

Using OpenClaw's plugin system, it intercepts:

  • User messages
  • System prompts
  • LLM responses
  • Tool calls (shell, file, network, etc.)

Each step is scanned using a two-tier model:

  • Fast local checks for obvious risks
  • Deep LLM analysis via OpenGuardrails for ambiguous cases

Every decision is logged. Every action is attributable.
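
The two-tier scan with audit logging described above, as an added example; it is not OG Personal's code and does not use the OpenClaw plugin API. The event shape, rule names, patterns, verdict strings, and `stub_deep_analyzer` are assumptions made for illustration.

```python
import json
import re
import time

# Constructed fast-tier rules: (rule name, pattern, verdict). "block" is final;
# "escalate" hands the event to the deep tier. Patterns are illustrative only.
LOCAL_RULES = [
    ("destructive_file_op", re.compile(r"\brm\s+-\w*[rR]\w*\s+(/|~)(\s|$)"), "block"),
    ("credential_exposure", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "block"),
    ("prompt_injection",
     re.compile(r"ignore (all )?(previous|prior) instructions", re.I), "escalate"),
    ("remote_script_exec",
     re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba)?sh\b"), "escalate"),
]


def fast_check(content):
    """Tier 1: cheap local pattern match. Returns (verdict, rule name or None)."""
    for name, pattern, verdict in LOCAL_RULES:
        if pattern.search(content):
            return verdict, name
    return "allow", None


def scan(event, deep_analyzer, audit_log):
    """Scan one intercepted event and append a structured audit record."""
    verdict, rule = fast_check(event["content"])
    tier = "local"
    if verdict == "escalate":
        # Tier 2: ambiguous cases go to the slower analyzer (an LLM in the
        # design described above; here, any callable that returns a verdict).
        verdict, tier = deep_analyzer(event), "deep"
    record = {"ts": time.time(), "session": event["session"],
              "kind": event["kind"], "tier": tier, "rule": rule,
              "verdict": verdict}
    audit_log.append(json.dumps(record, sort_keys=True))  # one JSON line per decision
    return record


def stub_deep_analyzer(event):
    """Stand-in for the deep tier: gate tool calls on user confirmation."""
    return "confirm" if event["kind"] == "tool_call" else "block"


if __name__ == "__main__":
    log = []
    # Constructed sample event, not captured from a real session.
    event = {"session": "s1", "kind": "tool_call", "content": "rm -rf /"}
    print(scan(event, stub_deep_analyzer, log)["verdict"])
```

Because every path through `scan` writes a record, a blocked, confirmed, or allowed event each leaves an entry that names the tier and rule responsible.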

Open Source, User-Owned

OG Personal is fully open source and runs locally.

  • No hidden enforcement logic
  • No opaque cloud control plane
  • Users own their data, logs, and decisions

You can inspect the entire codebase here: https://github.com/openguardrails/og-personal

Why This Matters

Personal AI is becoming long-running infrastructure, not a chat session.

As agents gain autonomy, security can't be an afterthought — and it can't require a security team either.

OG Personal is our answer to that gap:

Security that's visible, controllable, and understandable — for individuals.

This is just the beginning. We're excited to build this together with the community.

Questions or want to contribute? Reach out to thomas@openguardrails.com or visit the OG Personal GitHub repository.