{"id":"https://openalex.org/W7123280946","doi":"https://doi.org/10.48550/arxiv.2601.05504","title":"Memory Poisoning Attack and Defense on Memory Based LLM-Agents","display_name":"Memory Poisoning Attack and Defense on Memory Based LLM-Agents","publication_year":2026,"publication_date":"2026-01-09","ids":{"openalex":"https://openalex.org/W7123280946","doi":"https://doi.org/10.48550/arxiv.2601.05504"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2601.05504","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2601.05504","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2601.05504","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5109392460","display_name":"B. Ratna Sunil","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Sunil, Balachandra Devarangadi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5122769812","display_name":"Isheeta Sinha","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sinha, Isheeta","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114139908","display_name":"Piyush Maheshwari","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Maheshwari, Piyush","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5122747629","display_name":"Shantanu Todmal","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Todmal, Shantanu","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5122767545","display_name":"Shreyan Malik","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mallik, Shreyan","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5020783300","display_name":"S. M. Mishra","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mishra, Shuchi","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5109392460"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.30140000581741333,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.30140000581741333,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.274399995803833,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12808","display_name":"Ferroelectric and Negative Capacitance Devices","score":0.05700000002980232,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.6985999941825867},{"id":"https://openalex.org/keywords/memory-model","display_name":"Memory model","score":0.4699000120162964},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.29980000853538513},{"id":"https://openalex.org/keywords/memory-errors","display_name":"Memory errors","score":0.2969000041484833},{"id":"https://openalex.org/keywords/language-model","display_name":"Language model","score":0.29010000824928284},{"id":"https://openalex.org/keywords/intrusion","display_name":"Intrusion","score":0.2883000075817108}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7616999745368958},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.6985999941825867},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.636900007724762},{"id":"https://openalex.org/C12186640","wikidata":"https://www.wikidata.org/wiki/Q6815743","display_name":"Memory model","level":3,"score":0.4699000120162964},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.29980000853538513},{"id":"https://openalex.org/C119907115","wikidata":"https://www.wikidata.org/wiki/Q6815725","display_name":"Memory errors","level":3,"score":0.2969000041484833},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.29010000824928284},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.2883000075817108},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.2784000039100647},{"id":"https://openalex.org/C93225998","wikidata":"https://www.wikidata.org/wiki/Q1941972","display_name":"Moderation","level":2,"score":0.27059999108314514},{"id":"https://openalex.org/C137822555","wikidata":"https://www.wikidata.org/wiki/Q2587068","display_name":"Information sensitivity","level":2,"score":0.26499998569488525},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.25360000133514404}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2601.05504","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2601.05504","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2601.05504","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2601.05504","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.677717387676239,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Large":[0],"language":[1],"model":[2],"agents":[3,26,216],"equipped":[4],"with":[5,130,162],"persistent":[6],"memory":[7,11,29,84,105,177],"are":[8],"vulnerable":[9],"to":[10,184],"poisoning":[12,85],"attacks,":[13],"where":[14],"adversaries":[15],"inject":[16],"malicious":[17],"instructions":[18],"through":[19,79],"query":[20],"only":[21],"interactions":[22],"that":[23,37,127,175],"corrupt":[24],"the":[25,38,60],"long":[27],"term":[28],"and":[30,50,68,87,111,119,141,158,168,193],"influence":[31],"future":[32,203],"responses.":[33],"Recent":[34],"work":[35,75],"demonstrated":[36],"MINJA":[39],"(Memory":[40],"Injection":[41],"Attack)":[42],"achieves":[43],"over":[44],"95":[45],"%":[46,52],"injection":[47],"success":[48,54],"rate":[49,55],"70":[51],"attack":[53,97,136],"under":[56],"idealized":[57],"conditions.":[58],"However,":[59],"robustness":[61,98],"of":[62,83,108],"these":[63,77],"attacks":[64,86],"in":[65,89,217],"realistic":[66,128],"deployments":[67],"effective":[69,176],"defensive":[70],"mechanisms":[71],"remain":[72],"understudied.":[73],"This":[74],"addresses":[76],"gaps":[78],"systematic":[80],"empirical":[81],"evaluation":[82,173],"defenses":[88],"Electronic":[90],"Health":[91],"Record":[92],"(EHR)":[93],"agents.":[94],"We":[95,138],"investigate":[96],"by":[99],"varying":[100],"three":[101],"critical":[102],"dimensions:":[103],"initial":[104],"state,":[106],"number":[107],"indication":[109],"prompts,":[110],"retrieval":[112,164],"parameters.":[113],"Our":[114,171],"experiments":[115],"on":[116],"GPT-4o-mini,":[117],"Gemini-2.0-Flash":[118],"Llama-3.1-8B-Instruct":[120],"models":[121],"using":[122,150],"MIMIC-III":[123],"clinical":[124],"data":[125],"reveal":[126],"conditions":[129],"pre-existing":[131],"legitimate":[132],"memories":[133],"dramatically":[134],"reduce":[135],"effectiveness.":[137],"then":[139],"propose":[140],"evaluate":[142],"two":[143],"novel":[144],"defense":[145,172,205],"mechanisms:":[146],"(1)":[147],"Input/Output":[148],"Moderation":[149],"composite":[151],"trust":[152,181],"scoring":[153],"across":[154],"multiple":[155],"orthogonal":[156],"signals,":[157],"(2)":[159],"Memory":[160],"Sanitization":[161],"trust-aware":[163],"employing":[165],"temporal":[166],"decay":[167],"pattern-based":[169],"filtering.":[170],"reveals":[174],"sanitization":[178],"requires":[179],"careful":[180],"threshold":[182],"calibration":[183],"prevent":[185],"both":[186],"overly":[187],"conservative":[188],"rejection":[189],"(blocking":[190],"all":[191],"entries)":[192],"insufficient":[194],"filtering":[195],"(missing":[196],"subtle":[197],"attacks),":[198],"establishing":[199],"important":[200],"baselines":[201],"for":[202,212],"adaptive":[204],"mechanisms.":[206],"These":[207],"findings":[208],"provide":[209],"crucial":[210],"insights":[211],"securing":[213],"memory-augmented":[214],"LLM":[215],"production":[218],"environments.":[219]},"counts_by_year":[],"updated_date":"2026-01-14T23:40:02.550235","created_date":"2026-01-13T00:00:00"}