← Back to brief
Policy SafetyOfficialPreprintarXiv Cryptography and Security

MemPoison: Uncovering Persistent Memory Threats and Structural Blind Spots in LLM Agents

Jul 17, 2026

A new preprint introduces MemPoison, a benchmark and analysis framework for evaluating persistent memory attacks on LLM agents. The study covers 1,227 hand-validated attack cases across four attack types and three injection channels, revealing that while write-time defenses can suppress direct attacks, they are ineffective against more complex compositional and context-triggered attacks. The authors propose a taxonomy of attack types and demonstrate structural blind spots in current defense mechanisms, advocating for adaptive, context-sensitive memory defense strategies.

Why it matters: This work exposes critical and previously underappreciated security vulnerabilities in LLM agents with persistent memory, indicating that current defenses are inadequate against sophisticated multi-step attacks.

Full story at: arXiv Cryptography and Security