Memory Poisoning and Agent State
Synthesis
Persistent memory and retrieved experience create long-lived attack surfaces: poisoned state can survive beyond a single interaction and influence future decisions.
Evidence Base
This page was generated from the batch ingest of SRC-20260702-raw-papers-batch, SRC-20260702-raw-whitepapers-batch, and SRC-20260702-raw-news-batch. Treat it as a navigation and synthesis page; promote individual statements into claim pages when they become decision-relevant.
Representative Sources
| Title | Kind | Date | Tags | Raw |
|---|---|---|---|---|
| Securing LLM-Agent Long-Term Memory Against Poisoning: Non-Malleable, Origin-Bound Authority with Ma | paper | 2026-06-23 | agent-memory, ai-security, formal-methods, memory-poisoning, provenance | raw |
| When Your AI Agent's Memory Becomes a Security Liability | incident_report | 2026-06-11 | agent-memory, checkpointer, deserialization, langgraph, rce, security-for-ai | raw |
| SMSR: Certified Defence Against Runtime Memory Poisoning in Persistent LLM Agent Systems | paper | 2026-06-11 | agent-memory, ai-security, certified-defense, memory-poisoning, persistent-agents | raw |
| From Untrusted Input to Trusted Memory: A Systematic Study of Memory Poisoning Attacks in LLM Agents | paper | 2026-06-03 | Aditi Jain, Pritam Dash, Tanmay Shah, Tongyu Ge, Zhiwei Shang, agent-memory | raw |
| MemMorph: Tool Hijacking in LLM Agents via Memory Poisoning | paper | 2026-05-24 | accumulated-experience, memory-poisoning, persistent-state, tool-hijacking, tool-selection | raw |
| MemAudit: Post-hoc Auditing of Poisoned Agent Memory via Causal Attribution and Structural Anomaly D | paper | 2026-05-22 | anomaly-detection, causal-attribution, counterfactual-replay, memory-audit, poisoning | raw |
| State Contamination in Memory-Augmented LLM Agents | paper | 2026-05-16 | mas-misevolution-propagation, memory-laundering, memory-poisoning, multi-agent-rollouts, persistent-state, state-contamination | raw |
| Memory poisoning and secure multi-agent systems | paper | 2026-03-20 | episodic-memory, mas-misevolution-propagation, memory-poisoning, multi-agent, secure-mas, semantic-memory | raw |
| SuperLocalMemory: Privacy-Preserving Multi-Agent Memory with Bayesian Trust Defense Against Memory P | paper | 2026-02-17 | architectural-isolation, bayesian-trust, mas-misevolution-propagation, mcp, memory-poisoning, multi-agent-memory | raw |
| Memory Poisoning Propagation and Repair Mechanism in Multi-Agent Collaborative Environments | paper | 2026-02-14 | contrastive-learning, evidence-graph, mas-misevolution-propagation, memory-poisoning, multi-agent, propagation | raw |
| Memory Poisoning Attack and Defense on Memory Based LLM-Agents | paper | 2026-01-09 | memory-poisoning, memory-sanitization, query-only-attack, temporal-decay, trust-aware-retrieval | raw |
| MemoryGraft: Persistent Compromise of LLM Agents via Poisoned Experience Retrieval | paper | 2025-12-18 | experience-retrieval, memory-poisoning, persistent-compromise, rollout-buffer-security | raw |
Open Questions
- Which evidence in this cluster is strong enough to support a stable claim?
- Which results generalize across models, tools, and deployment settings?
- Which controls have been evaluated under realistic adversarial conditions?