AI Security Research Portal
Sources | source seed | 2026-07-04 | tags: ai-security, self-evolving-agent, rollout-buffer, experience-memory, attack-surface, collection

Self-Evolving Agent Rollout and Experience Buffer Collection

Collection Scope

We surveyed the history store that a self-evolving agent consults at its next evolution step. Rather than lumping everything under a single "rollout buffer" label, the collection distinguishes the following cases.

Type And Buffer Matrix

| Agent/evaluation type | Representative source | History store | Uses rollout buffer? | Primary new attack surface |
|---|---|---|---|---|
| RL-style self-evolving agent | AgentEvolver | Experience Pool, trajectory profile, attributed rewards | Yes, explicit functional pool | experience selection, reward/credit poisoning |
| Agent-environment co-evolution | Role-Agent | rollout batches, failed trajectories, failure reflections | Yes; durable retention unclear | environment prediction and failure-cluster poisoning |
| Agent-data co-evolution | CoEvolve | rollout-derived forgetting/uncertainty, evolved task distribution | Uses rollout trajectories; explicit replay policy unclear | uncertainty spoofing, task-synthesis poisoning |
| Multi-agent curriculum evolution | SAGE | verified question and plan pool | No generic rollout buffer | critic/verifier capture, curriculum drift |
| Experiential language agent | ExpeL | Faiss experience pool, successful trajectories, insights | Yes, explicit experience pool | retrieved demonstration poisoning, privacy leakage |
| Self-reflective agent | Reflexion | episodic memory buffer with trajectory and reflection | Yes, explicit buffer | feedback/reflection poisoning, context eviction |
| Embodied lifelong agent | Voyager | executable skill library and automatic curriculum | No generic rollout buffer | malicious skill admission and unsafe composition |
| Self-modifying code/algorithm agent | Existing DGM/AlphaEvolve sources | agent/program candidate archive | Archive rather than rollout buffer | evaluator gaming, archive lineage corruption |
| Skill-evolving agent | Existing SkillOpt/SkillLens sources | rollout evidence -> natural-language skill artifact | Rollout evidence, implementation-specific retention | trace poisoning, negative transfer, unsafe promotion |
| Experience-retrieval attack | MemoryGraft | successful experience RAG store | Targets functional rollout memory | persistent unsafe-procedure imitation |
| Memory-misevolution benchmark | MemEvoBench | mixed benign/misleading memory pool | Simulates evolved memory state | gradual drift and biased feedback accumulation |
| Memory-lineage defense | MemLineage | signed content-addressed memory plus derivation DAG | Protects persistent history store | trusted-writer laundering and ancestry loss |
| Post-hoc memory audit | MemAudit | memory store plus replay-based causal analysis | Audits stored history | delayed attribution after harmful behavior |
| Tool-selection memory attack | MemMorph | factual/episodic/policy memory and tool-use experience | Targets accumulated experience | persistent tool hijacking |
| Generic retrieval backdoor | AgentPoison | memory/RAG demonstrations | Targets retrieval-indexed history | semantic trigger and low-rate backdoor poisoning |

Emerging Attack-Surface Checklist

Existing Duplicates Not Recollected

Recommended Ingest Order

  1. AgentEvolver + ExpeL + Reflexion: establish rollout/experience-buffer architecture.
  2. MemoryGraft + MemEvoBench + MemMorph: define persistent experience poisoning and behavioral drift.
  3. MemLineage + MemAudit + Memory Poisoning Attack and Defense: collect provenance, audit, sanitization controls.
  4. Role-Agent + CoEvolve + SAGE: extend threat model to curriculum and agent-data co-evolution.
  5. Voyager + AgentPoison: connect skill-library persistence and retrieval-trigger baselines.

Collection Safety

All source content was treated as untrusted research material. Attack descriptions were summarized at the threat-model level; no source instructions, payloads, or attack code were executed.