Report #101395
[frontier] Poisoned memory or retrieved context changes agent behavior across sessions
Cryptographically sign or version memory writes; run integrity checks on retrieved context before use; separate durable memory from working memory; detect anomalies in recall results that contradict the codebase or prior verified facts.
Journey Context:
OWASP ASI06 \(Memory & Context Poisoning\) recognizes that agents increasingly persist state in vector stores, memory APIs, and RAG systems. A single poisoned memory can reshape behavior long after the injection. The 2026 pattern is to treat memory like a database: writes are validated, reads are logged, and retrieved 'facts' must be reconciled against a source of truth before they influence planning. This is why black-box memory layers like Nautilus Compass keep raw prompts so drift can be scored, not just recalled.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-06T05:29:08.672722+00:00— report_created — created