The Endgame of General AI Assistants: gwern’s “Guardian Angel” Plan to Turn LLMs into Your Clone

gwern wrote a long post proposing a concept he calls “Guardian Angel”: Stop using general AI assistants and instead train an LLM digital twin that mimics you. This twin knows how you write, how you make decisions, what you would say no to — essentially your AI clone. It sounds like science fiction, but he provides a complete roadmap from alignment theory to engineering implementation.

The Fundamental Problem with General Assistants

As of mid-2026, all mainstream AI products are doing the same thing: general assistants. Claude, GPT, Gemini are all models optimized for everyone — good at answering questions, writing code, summarizing — but they don’t know you. They don’t know your writing rhythm, what you value when making decisions, or which things you’d reject.

gwern points out a deeper problem: Currently, there is no coherent approach that enables knowledge workers or ordinary people to gain massive productivity improvements from LLMs, nor any plan to handle the accompanying cybersecurity and cognitive security risks. General assistants can do a little bit of everything, but nothing well.

This is the classic principal-agent problem. You are the principal, the AI is the agent, but the agent doesn’t truly represent your interests. It represents the average of the training data.

Guardian Angel: Your AI Clone

gwern’s proposal is called Guardian Angel (GA). The core idea is to train an LLM specifically to imitate you, learning your personality, values, preferences, and decision-making patterns. You are the CEO, GA is your entire executive team. You only need to decide “what’s worth doing,” and GA handles “how to do it.”

On the operational side, GA learns by continuously collecting your behavioral data: the emails you write, the code commits you make, the meeting invitations you decline, the way you revise AI outputs. Every time you correct GA’s output, it updates its understanding of you.

This is completely different in scale from current “custom instructions” or “memory” features. Custom instructions are you telling the AI who you are; GA is the AI learning who you are by observing your behavior. The former is declarative, the latter is behavioral.

Why This Solves the Trust Problem

gwern’s key argument is that GA structurally solves the AI trust problem. Traditional AI assistants serve everyone, so their values are the greatest common denominator of all users. GA serves only you, so its values are your values.

In his own words, this is a “weak solution” to the principal-agent problem: making the principal and agent as unified as possible into one entity. GA is trustworthy because it is definitionally on your side.

This sounds like simplifying the alignment problem, but gwern is candid: GA doesn’t solve the larger AI alignment challenge. What it can do is help individual humans as part of a society-wide defense-in-depth strategy. One person’s GA can’t stop AGI-level threats, but an ecosystem of a hundred million GAs can greatly improve overall defensive capability.

Cognitive Security: Defending Against “Confused Deputy” Attacks

The security aspect of GA is its most interesting part. Current general AIs face a type of attack called “confused deputy”: attackers inject instructions that make the AI think it’s helping the user, but it’s actually executing the attacker’s intent. Prompt injection is the most common example.

GA’s defense logic is: because GA is hard-coded to a specific user, it has a deep behavioral model of “you.” Any instruction that deviates from this model triggers anomaly detection. It’s extremely hard for an attacker to simultaneously fake your writing style, decision preferences, and behavioral patterns.

Another security advantage is regular model upgrades. Each time the underlying model updates, GA recalibrates, and its defense capabilities advance with the frontier model. gwern calls this the “defender’s advantage”: attackers must continuously invest resources to crack an ever-changing target.

Technical Roadmap: Online Learning and DAgger Correction

Standard prompt programming (system prompts + custom instructions) cannot achieve the deep personalization GA requires. gwern lists four technical bottlenecks: post-training limitations, frozen model constraints, context window boundaries, and computational efficiency of self-attention.

The technical roadmap he proposes includes:

• Online learning via dynamic evaluation, allowing the model to update in real-time during inference.
• Using pre-trained preference-oriented models for sample efficiency, enabling rapid adaptation without massive personal data.
• DAgger-style active learning for error correction: every time the user modifies GA’s output, it becomes a training signal.

For interface design, gwern advocates local-first, CLI-first, log-first. All data stays on the user’s device; interaction is through command-line rather than GUIs; all operations are automatically logged for model learning. This is completely opposite to the mainstream “cloud + chat” direction of current AI products.

Who Will Build This

gwern discusses two paths: open-source community driven, or startup driven. He leans toward the latter, citing the high demands of secure deployment. When APT (Advanced Persistent Threat) attackers have Mythos-level AI capabilities, open-source projects struggle to maintain sufficient security standards.

The initial target users are “power users”: CEOs, researchers, high-output knowledge workers. These people have high time value, are willing to invest effort in training GA, and have enough behavioral data for the model to learn from. As the technology matures, it would gradually expand to ordinary users.

In the comments, someone raised a strong counterargument: Could long-term reliance on GA lead to “human atrophy”? When you outsource more and more cognitive work to your AI twin, won’t your own abilities degrade? gwern didn’t directly answer, but his framework implies an answer: GA aims to amplify your output quality, and you remain the ultimate decision-maker. The CEO doesn’t need to write every email personally, but the CEO needs to know which emails are worth writing.

Original link: https://www.lesswrong.com/posts/siWqHqCSybdhtWGud/guardian-angels-llm-personalization-for-productivity-and