SAIL 2.0

/

Test - AI Red Teaming

/

Untested Memory Persistence Attacks

4.9

.

Untested Memory Persistence Attacks

sail
4.9
Risk

Untested Memory Persistence Attacks

Description

No testing for cross-session memory injection, persistent context corruption or poisoning that survives across agent runs.

Example

An attacker poisons a shared vector store such that all subsequent agent sessions inherit a malicious instruction; the red team only tested single-session behavior.

Assets Affected

Agent Memory / Cache

Dataset / RAG

AI Agent

Mitigation
  • Include memory-persistence and corpus-poisoning scenarios in red team
  • test injection across session boundaries
  • validate memory and RAG integrity over time.
Standards Mapping
  • ISO: A.6.2.4, A.7.4
  • OWASP agentic: ASI06
  • OWASP LLM: LLM04:2025, LLM08:2025
  • EU AI Act: Art. 15(5)
  • DASF: Agents-Core 13.1
  • AIUC-1: B001, A005