Agent memory and state poisoning
CCC.MARefArc.TH30
An attacker writes injected instructions or corrupted reasoning patterns into an agent's short- or long-term memory, corrupts learned behaviours through repeated exposure, or attacks the state store directly, so that malicious instructions persist across sessions and users.
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.CP09 | Agent memory | Short-term in-session context management (trimming and summarization to control length, cost, and latency) and durable long-term memory across sessions, including session summaries and user/task personalization. |
| CCC.MARefArc.CP07 | Unified sandboxed agent runtime | Secure, sandboxed environment where all agentic reasoning and execution occurs, providing task state management for pause/resume/handoff and intercepting and validating tool calls with credentials handled securely within the sandbox. |
| CCC.MARefArc.CP11 | Adaptive learning | Generates learning signals based on execution outcomes to refine prompts, adjust agent configurations, or improve tool-selection strategies. |
Related Controls
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.CN14 | Multi-Agent Isolation and Segmentation | Isolate agents and their memory and state so that compromise or failure of one agent cannot propagate to others, and enforce segmentation of agent-to-agent communication. |
External Mappings
| Framework | ID | Remarks |
|---|---|---|
| air-vec | AIR-SEC-027-01 | |
| air-vec | AIR-SEC-027-02 | |
| air-vec | AIR-SEC-027-03 | |
| air-vec | AIR-SEC-027-04 | |
| air-vec | AIR-SEC-027-05 | |