Glossary term
Security
Manipulation of an AI system's persistent memory, user profile, retrieved notes, or stored context so future outputs or actions are influenced in unauthorized ways. Controls include memory scoping, user-visible memory review, deletion, provenance, trusted-source rules, and monitoring for unexpected persistent instructions.
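As an added illustration (not code from this glossary or from any of the cited research), a minimal Python memory store that applies the controls listed above: a trusted-source rule on writes, provenance recorded on every entry, per-user scoping on reads, user-visible review with deletion, and a heuristic monitor that quarantines instruction-like memories until reviewed. The source labels and directive patterns are assumptions chosen for the example.

```python
"""Memory store with provenance gating, scoping and directive monitoring (example, not a product API)."""
from dataclasses import dataclass, field
import re

# Trusted-source rule: only memories the user asked for directly may be persisted.
# "user_explicit" is an assumed source label; tool and web outputs are untrusted.
TRUSTED_SOURCES = {"user_explicit"}

# Constructed heuristic patterns for persistent, instruction-like content that
# should be held for user review rather than silently influencing future turns.
DIRECTIVE_PATTERNS = [
    r"\b(from now on|always|never|in (all|every) future)\b",
    r"\b(ignore|disregard|override)\b.*\b(instructions|rules|policy)\b",
]


def looks_like_directive(text: str) -> bool:
    """Monitoring control: flag text that reads like a standing instruction."""
    return any(re.search(p, text, re.IGNORECASE) for p in DIRECTIVE_PATTERNS)


@dataclass
class Memory:
    text: str
    source: str        # provenance: which channel produced this memory
    scope: str         # memory scoping: the user/session it is bound to
    flagged: bool = False  # quarantined pending user review


@dataclass
class MemoryStore:
    entries: list = field(default_factory=list)
    rejected: list = field(default_factory=list)  # kept for audit, never recalled

    def remember(self, text: str, source: str, scope: str) -> bool:
        """Apply the trusted-source rule, then record provenance and monitor."""
        if source not in TRUSTED_SOURCES:
            self.rejected.append(Memory(text, source, scope))
            return False
        self.entries.append(Memory(text, source, scope, looks_like_directive(text)))
        return True

    def recall(self, scope: str) -> list:
        """Only unflagged memories bound to the requesting scope reach the model."""
        return [m.text for m in self.entries if m.scope == scope and not m.flagged]

    def review(self, scope: str) -> list:
        """User-visible review: every entry for the scope, with provenance and flag."""
        return [(m.text, m.source, m.flagged) for m in self.entries if m.scope == scope]

    def forget(self, scope: str, text: str) -> int:
        """Deletion control; returns how many entries were removed."""
        before = len(self.entries)
        self.entries = [m for m in self.entries if not (m.scope == scope and m.text == text)]
        return before - len(self.entries)
```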
Embrace The Red researcher Johann Rehberger demonstrated ChatGPT memory poisoning in 2024, where a malicious website could inject persistent memories.
OWASP LLM Top 10 2025 addresses memory poisoning as a class of attack relevant to agentic systems with persistent state.
Microsoft's research on agent identity and Copilot memory boundaries explicitly addresses memory poisoning as a top concern for agentic systems.