ATR-2026-00075 | Severity: high | Category: Context Exfiltration | Status: experimental
Agent Memory Manipulation
Detects attempts to poison or manipulate an agent's persistent memory, long-term context, or state storage. Attackers inject commands that instruct the agent to remember false information, update its own instructions, or modify its persistent behavior across sessions. Successful memory poisoning can establish persistent backdoors that survive context resets and affect all future interactions.
Severity: high
Category: Context Exfiltration
Scan target: mcp
Author: ATR Community
Recommended response: block input, alert, snapshot, reset context, escalate
References:
OWASP Agentic: ASI06:2026 - Memory and Context Poisoning
OWASP LLM: LLM01:2025 - Prompt Injection; LLM02:2025 - Sensitive Information Disclosure
MITRE ATLAS: AML.T0051 - LLM Prompt Injection