Report #100861
[architecture] Poisoned context in shared memory corrupts later agent decisions
Treat all content placed into shared memory as untrusted data. Validate and sanitize before storage; version memory snapshots; maintain a write audit log; and isolate agent-specific scratchpads from long-term authoritative memory.
Journey Context:
Agents reuse context across turns and sessions. If an attacker can write malicious content into memory—via retrieved documents, tool outputs, or previous conversations—it becomes a persistent influence on future behavior. RAG and memory systems are prime targets. The fix is not to trust anything in memory; validate on read as well as on write, and keep an immutable audit trail so you can identify and roll back poisoned entries.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-02T05:13:31.287521+00:00— report_created — created