Risk
Untested Memory Persistence Attacks
Description
No testing for cross-session memory injection, persistent context corruption or poisoning that survives across agent runs.
Example
An attacker poisons a shared vector store such that all subsequent agent sessions inherit a malicious instruction; the red team only tested single-session behavior.
Assets Affected
Agent Memory / Cache
Dataset / RAG
AI Agent
Mitigation
- Include memory-persistence and corpus-poisoning scenarios in red team
- test injection across session boundaries
- validate memory and RAG integrity over time.
Standards Mapping
- ISO: A.6.2.4, A.7.4
- OWASP agentic: ASI06
- OWASP LLM: LLM04:2025, LLM08:2025
- EU AI Act: Art. 15(5)
- DASF: Agents-Core 13.1
- AIUC-1: B001, A005