Loading...
針對持久代理記憶體儲存的攻擊——涵蓋記憶體投毒、上下文操控、外洩攻擊與自強化記憶體 payload。
代理記憶體系統——持久存儲跨會話資訊的機制——建立 AI 安全中最獨特的攻擊面之一。記憶體投毒是代理版本的 rootkit:一旦植入,它在攻擊者離開後仍持續影響所有未來互動。
注入影響代理未來行為的虛假記憶。自強化 payload 在被刪除時重新寫入自身。
利用記憶體增加指令的「權威」——記憶體中的指令可能被代理視為比即時提示詞更高優先。
從代理記憶體萃取敏感資訊——先前使用者的資料、系統設定。
Advanced techniques for injecting persistent instructions into AI agent memory systems, including semantic trojans, self-reinforcing payloads, dormant backdoors, and cross-session persistence mechanisms.
Techniques for exploiting LLM context window limits, including strategic context overflow to push out system instructions, attention manipulation, and context budget exhaustion attacks.
Techniques for extracting data from AI agent memory systems, including extracting previous conversations, revealing other users' data, and cross-session information leakage.
Injecting persistent false memories into agent memory systems to influence future behavior.
Manipulating memory retrieval mechanisms to surface adversarial context during agent reasoning.
Exploiting automatic memory summarization to embed persistent instructions in compressed context.
Achieving attack persistence across separate agent sessions through memory manipulation.
Exploiting memory systems that manage context window limitations to inject or suppress information.
Poisoning conversation history stores to alter the agent's understanding of prior interactions.
Exploiting memory summarization and compaction processes to persist adversarial instructions across compression cycles.
Manipulating memory retrieval ranking and priority scores to surface adversarial memories over legitimate ones.
Bypassing user-level and session-level memory isolation to access memories from other users or sessions.
Injecting structured data into memory systems that alters agent behavior when retrieved in future interactions.
Techniques for making adversarial memories resistant to cleanup, deletion, and purging operations.
Exploit the interaction between RAG retrieval and agent memory to create conflicting contexts that bypass safety.
Inject persistent instructions through memory compression and summarization processes in long-running agents.
Exploit memory eviction policies in context-limited agents to selectively remove safety-relevant context.
Poison memory spaces shared between multiple agents or users in multi-tenant agent deployments.
Poisoning vector-based memory stores in agent systems to inject false context into retrieval.
