ATR-2026-00075 (severity: high; category: Context Exfiltration; status: experimental)
Agent Memory Manipulation
Detects attempts to poison or manipulate an agent's persistent memory, long-term context, or state storage. Attackers inject commands that instruct the agent to remember false information, update its own instructions, or modify its persistent behavior across sessions. Successful memory poisoning can establish persistent backdoors that survive context resets and affect all future interactions, which is why the rule responds by snapshotting and resetting the context rather than only blocking the single input.
Severity
high
Category
Context Exfiltration
Scan Target
mcp
Author
ATR Community
Response Actions
block input
alert
snapshot
reset context
escalate
References
OWASP Agentic
ASI06:2026 - Memory and Context Poisoning
OWASP LLM
LLM01:2025 - Prompt Injection
LLM02:2025 - Sensitive Information Disclosure
MITRE ATLAS
AML.T0051 - LLM Prompt Injection
More Context Exfiltration Rules
ATR-2026-00020 (high) - System Prompt and Internal Instruction Leakage
ATR-2026-00021 (critical) - Credential and Secret Exposure in Agent Output
ATR-2026-00102 (high) - Data Exfiltration via Disguised Analytics Collection
ATR-2026-00113 (critical) - Credential File Theft from Agent Environment
ATR-2026-00114 (high) - OAuth and API Token Interception