OWASP Agentic AI
top10_2026
ASI06 - Memory & Context Poisoning
Attackers plant malicious data in agent memory or RAG databases to influence future decisions.
Intent & Description
🎯 Intent
Protect agent memory and context stores from adversarial manipulation that could influence future behavior.
📋 Context
Agents with persistent memory or access to shared knowledge bases can be poisoned: malicious data injected into those stores influences future reasoning and decision-making.
💡 Solution
Validate all data before memory storage. Implement memory integrity checks. Use access controls on shared memories. Monitor for anomalous memory modifications. Apply data provenance tracking. Implement memory hygiene policies.
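One way to combine several of these controls (writer access control, validation before storage, provenance fields, and an integrity check at read time), as an added example that is not part of the original page. The `MemoryStore` class, the key, the writer names and the size limit are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed values for this example; a real key comes from a secret store.
KEY = b"example-key-load-from-a-secret-store"
TRUSTED_WRITERS = {"planner-agent", "ingest-pipeline"}
MAX_LEN = 2000


def _tag(record: dict) -> str:
    """HMAC over content and provenance, so neither can change unnoticed."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()


class MemoryStore:
    def __init__(self):
        self.rows = {}    # entry id -> {"record": ..., "tag": ...}
        self.audit = []   # (event, detail) tuples a monitor can alert on

    def write(self, entry_id: str, content: str, writer: str, source: str) -> bool:
        # Access control and validation happen before anything is stored.
        if writer not in TRUSTED_WRITERS:
            self.audit.append(("rejected_writer", writer))
            return False
        if not content.strip() or len(content) > MAX_LEN:
            self.audit.append(("rejected_content", entry_id))
            return False
        record = {"id": entry_id, "content": content,
                  "writer": writer, "source": source}
        self.rows[entry_id] = {"record": record, "tag": _tag(record)}
        self.audit.append(("stored", entry_id))
        return True

    def read(self, entry_id: str):
        # Integrity check at retrieval: a modified or relocated row is
        # withheld from the agent and logged instead of being returned.
        row = self.rows.get(entry_id)
        if row is None:
            return None
        rec = row["record"]
        if rec.get("id") != entry_id or not hmac.compare_digest(row["tag"], _tag(rec)):
            self.audit.append(("integrity_failure", entry_id))
            return None
        return rec
```

The tag only detects changes made to the store after a write; content that a trusted writer stores in good faith from a poisoned source still passes, which is why the provenance fields are kept for later auditing and pruning.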
Real-world Use Case
Use when agents have persistent memory, shared knowledge bases, or retrieval-augmented generation capabilities.
📌 TL;DR
Protect agent memory from poisoning. Validate stored data, check integrity, control access, track data provenance.
Advantages
- Maintains reasoning integrity
- Prevents long-term manipulation
- Enables memory auditing
- Supports reliable agent behavior
Disadvantages
- Memory validation adds overhead
- Subtle poisoning is hard to detect
- Memory pruning may lose useful data