MemoryGraft
Collection Summary
Agent가 retrieved successful experiences를 모방하는 특성을 악용해 malicious procedure template를 long-term experience store에 심는 indirect injection attack이다.
Rollout-Buffer Relevance
- **Target store**: persistent RAG-backed experience memory containing successful task records.
- **Attack path**: benign-looking ingestion artifact -> poisoned successful experience -> semantic retrieval -> unsafe pattern imitation in later sessions.
- **Security relevance**: directly demonstrates that experience-based self-improvement can become a durable compromise mechanism.
- **Affected types**: experiential learners, retrieval-augmented agents, data-analysis agents, any agent that reuses successful trajectories.