diff --git a/lib/protector/adapters/active_record/relation.rb b/lib/protector/adapters/active_record/relation.rb
index 06dc6e5..a188a01 100644
--- a/lib/protector/adapters/active_record/relation.rb
+++ b/lib/protector/adapters/active_record/relation.rb
@@ -139,6 +139,7 @@ def exec_queries_with_protector(*args)
 
           # Preserve associations from internal loading. We are going to handle that
           # ourselves respecting security scopes FTW!
+          relation = relation.clone
           associations, relation.preload_values = relation.preload_values, []
 
           @records = relation.send(:exec_queries).each { |record| record.restrict!(subject) }
@@ -179,6 +180,7 @@ def protector_substitute_includes(subject, relation)
               end
             end
           else
+            relation = relation.clone
             relation.preload_values += includes_values
             relation.includes_values = []
           end