SAIL 2.0

/

Deploy - Runtime Guardrails

/

Agent Memory and Context Poisoning

5.6

.

Agent Memory and Context Poisoning

sail
5.6
Risk

Agent Memory and Context Poisoning

Description

Adversarial inputs commit malicious content into agent memory, vector stores, or context window โ€” evicting safety instructions or persisting across sessions.

Example

An attacker plants instructions in a shared memory store; subsequent agent sessions inherit the poisoned context and act on the attacker's directives across multiple users.

Assets Affected

Agent Memory / Cache

Dataset / RAG

AI Agent

Mitigation
  • Validate inputs before commitment to memory
  • partition memory per agent and per tenant
  • integrity-check stored vectors
  • limit context size
  • monitor for cross-session anomalies.
Standards Mapping
  • ISO: A.7.4
  • OWASP agentic: ASI06
  • OWASP LLM: LLM01:2025, LLM08:2025
  • EU AI Act: Art. 15(5)
  • DASF: Agents-Core 13.1, Agents-MCP Server 13.24
  • AIUC-1: A005, B001