Memory Poisoning

memoryinjectionRAGpersistenceknowledge-base

Attackers inject malicious data into the agent’s memory to manipulate future decisions, affecting any memory type from in-agent session to cross-agent cross-user memory.

Technical Details

Affected Components:

Memory Modules Tool Integration Frameworks Retrieval-Augmented Generation (RAG)

Impact Level:High

Attack Vectors

Data Injection: Injecting malicious payloads into session memory [High]
Context Manipulation: Altering agent’s context window to bias outputs [Medium]
Session Contamination: Cross-session poisoning via shared memory [Medium]
Poisoned RAG sources: Supplying tainted data to retrieval-augmented generation [High]
Training Data Corruption: Systematically poisoning knowledge bases with subtle biases [High]
Memory Persistence Attacks: Creating malicious memories that persist across sessions [Medium]

Impact Analysis

Risk Score: 9/10

Mitigation Categories

References

OWASP AI Security
RAG Poisoning Attack Techniques
Data Poisoning in AI Systems