Ultra13
Learn · Memory Safety

How do you prevent memory poisoning in AI agents?

Memory poisoning happens when hostile or incorrect context is stored as durable agent memory and later steers future sessions, users, tenants, or workflows. Prevent it by gating memory writes, labelling memory by source and trust class, separating preferences from instructions, expiring risky memory, and refusing to let untrusted memory authorize privileged actions.

By the Ultra13 teamPublished Updated
TL;DR
  • Memory poisoning turns a stored note into a future instruction.
  • Gate memory writes and label memory by source, trust class, and freshness.
  • Separate user preferences from operational instructions.
  • Never let untrusted memory authorize a privileged action.

Why memory is dangerous

Agent memory persists across sessions. If hostile content is written once, it can quietly steer later sessions, other users, or other tenants. Memory writes are not notes — they are future instructions unless gated.

The write gate and recall gate

A write gate decides what is allowed to become durable memory and labels it by source and trust. A recall gate decides what stored memory is allowed to influence — a preference can shape tone, but untrusted memory cannot authorize a tool call or export. This is the same source-to-sink discipline in a context firewall.

FAQ

Frequently asked questions

What is memory poisoning in AI agents?
When hostile or incorrect context is stored as durable memory and later influences future sessions, users, tenants, or workflows.
How do you secure AI agent memory?
Gate memory writes, label memory by source and trust class, separate preferences from instructions, expire risky entries, and prevent untrusted memory from authorizing privileged actions.

See where the firewall stops the path.

Give us one agent workflow. We’ll map the context boundary, replay the abuse paths, and show where the Context Firewall blocks them.