cd /news/ai-safety/when-agents-remember-too-much-memory… · home topics ai-safety article
[ARTICLE · art-52125] src=machinebrief.com ↗ pub= topic=ai-safety verified=true sentiment=↓ negative

When Agents Remember Too Much: Memory Poisoning Attacks on Large Language Model Agents

Researchers introduced GhostWriter, a novel attack that poisons the long-term memory of personal AI agents by injecting hidden payloads, achieving 98% injection and 60% activation rates against state-of-the-art agents. The attack exploits the lack of security-focused memory governance in tool-using agents that handle sensitive data. The team proposed AM-Sentry, a mitigation that reduces GhostWriter's success rate while preserving agent utility.

read1 min views1 publishedJul 9, 2026

arXiv:2607.06595v1 Announce Type: cross Abstract: Personal AI agents powered by large language models can reason and act using available tools to access emails, manage calendars, and push code to remote repositories, all with minimal oversight. When augmented with long-term memory, an agent can recall specific details relevant to the current task, reducing the need for large context windows. Currently, long-term memory agents tend to fall into two distinct domains: conversational and action-planning agents. Personal assistant agents sit at the convergence of these two domains and handle sensitive information while interacting with untrusted information sources, creating previously unaccounted security vulnerabilities. In this work, we introduce the novel attack vector, GhostWriter, which exploits current memory subsystems in tool-using personal agents to poison their memory store. GhostWriter operates in two phases: injection, where an adversary sends a hidden attack payload to the target agent; and activation, in which the poisoned memory is retrieved. We show that GhostWriter achieves near-universal injection rates of approximately 98% and a high average activation rate of approximately 60% against state-of-the-art agents. This attack is possible due to the lack of security-focused memory governance. In response, we propose Agentic Memory Sentry (AM-Sentry), which leverages two mitigation techniques: a memory-saving policy and a memory-retrieval screen. Our experiments show that AM-Sentry dramatically reduces GhostWriter's success rate while preserving agent utility.

── more in #ai-safety 4 stories · sorted by recency
── more on @ghostwriter 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/when-agents-remember…] indexed:0 read:1min 2026-07-09 ·