Agents
MemoryTrap Attack Class: Poisoned Agent Memory Spreads Across Sessions, Users, and Subagents
Cisco research published in Help Net Security details the MemoryTrap attack class where a single poisoned memory object in an agentic AI system can propagate across sessions, users, and subagents through 'trust laundering' — mixing untrusted data with trusted data in shared instruction surfaces. If Agent A reads Agent B's memory, it inherits any hidden faults or malicious inputs, making memory a persistent retrieval and instruction layer that stores preferences, context summaries, workflow patterns, and learned behavior exploitable in future sessions. The researchers recommend tight validation scanning as an automated fact-checking process when data is transferred between agents.
↳ Follow the thread