AI Security Research Portal
Sources · source · seed · 2026-07-04 · ai-security · security-for-ai · prompt-injection · persistent-context · agent-memory · benchmark

Capture Summary

Recent arXiv preprint formalizing cross-session stored prompt injection as a persistent-state attack against agentic systems.

Abstract Capture

The paper argues that agentic systems are no longer session-bounded assistants because they persist shared state through memory, filesystems, tools, and other long-lived artifacts. This turns prompt injection into a stored, cross-session problem rather than only an in-session model-behavior problem. The authors formalize stored prompt injection, develop a taxonomy of persistence channels, and introduce a benchmark and sandbox toolkit for evaluating attack success across models, attack goals, and persistence channels. The core claim is that persistence transforms prompt injection into a long-lived system-level vulnerability embedded in agent execution state.

Collection Notes