MemPoison: Uncovering Persistent Memory Threats and Structural Blind Spots in LLM Agents
Jul 17, 2026
A new preprint introduces MemPoison, a benchmark and analysis framework for evaluating persistent memory attacks on LLM agents. The study covers 1,227 hand-validated attack cases across four attack types and three injection channels, revealing that while write-time defenses can suppress direct attacks, they are ineffective against more complex compositional and context-triggered attacks. The authors propose a taxonomy of attack types and demonstrate structural blind spots in current defense mechanisms, advocating for adaptive, context-sensitive memory defense strategies.
Why it matters: This work exposes critical and previously underappreciated security vulnerabilities in LLM agents with persistent memory, indicating that current defenses are inadequate against sophisticated multi-step attacks.
Full story at: arXiv Cryptography and Security ↗