{"id":"https://openalex.org/W7130408801","doi":"https://doi.org/10.48550/arxiv.2602.15344","title":"ER-MIA: Black-Box Adversarial Memory Injection Attacks on Long-Term Memory-Augmented Large Language Models","display_name":"ER-MIA: Black-Box Adversarial Memory Injection Attacks on Long-Term Memory-Augmented Large Language Models","publication_year":2026,"publication_date":"2026-02-17","ids":{"openalex":"https://openalex.org/W7130408801","doi":"https://doi.org/10.48550/arxiv.2602.15344"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2602.15344","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.15344","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2602.15344","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5120024993","display_name":"Mitchell Piehl","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Piehl, Mitchell","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126355747","display_name":"Zhaohan Xi","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xi, Zhaohan","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054098183","display_name":"Zuobin Xiong","orcid":"https://orcid.org/0000-0002-6562-9825"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xiong, Zuobin","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126278892","display_name":"Pan He","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"He, Pan","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5126335308","display_name":"Muchao Ye","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ye, Muchao","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5120024993"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.3230000138282776,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.3230000138282776,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.29739999771118164,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11273","display_name":"Advanced Graph Neural Networks","score":0.0608999989926815,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.8575999736785889},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6216999888420105},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5383999943733215},{"id":"https://openalex.org/keywords/language-model","display_name":"Language model","score":0.43070000410079956},{"id":"https://openalex.org/keywords/mechanism","display_name":"Mechanism (biology)","score":0.3393999934196472},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.32589998841285706}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.8575999736785889},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7730000019073486},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6216999888420105},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5748000144958496},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5383999943733215},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.43070000410079956},{"id":"https://openalex.org/C89611455","wikidata":"https://www.wikidata.org/wiki/Q6804646","display_name":"Mechanism (biology)","level":2,"score":0.3393999934196472},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.32589998841285706},{"id":"https://openalex.org/C12186640","wikidata":"https://www.wikidata.org/wiki/Q6815743","display_name":"Memory model","level":3,"score":0.2937000095844269},{"id":"https://openalex.org/C2985957978","wikidata":"https://www.wikidata.org/wiki/Q492","display_name":"Human memory","level":3,"score":0.28679999709129333},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.2759000062942505},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.27489998936653137},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.26179999113082886},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.25200000405311584}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2602.15344","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.15344","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2602.15344","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.15344","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Large":[0],"language":[1],"models":[2],"(LLMs)":[3],"are":[4],"increasingly":[5],"augmented":[6],"with":[7],"long-term":[8,59,112],"memory":[9,32,49,113,131],"systems":[10,114],"to":[11],"overcome":[12],"finite":[13],"context":[14],"windows":[15],"and":[16,72,80,94,111,122,133],"enable":[17],"persistent":[18],"reasoning":[19],"across":[20,108,130],"interactions.":[21],"However,":[22],"recent":[23],"research":[24],"finds":[25],"that":[26,52,68,97,116,128],"LLMs":[27,110],"become":[28],"more":[29],"vulnerable":[30],"because":[31],"provides":[33],"extra":[34],"attack":[35,76,92],"surfaces.":[36],"In":[37,83],"this":[38,70],"paper,":[39],"we":[40],"present":[41],"the":[42,54],"first":[43],"systematic":[44],"study":[45],"of":[46,90],"black-box":[47],"adversarial":[48],"injection":[50],"attacks":[51,79,96],"target":[53],"similarity-based":[55,117],"retrieval":[56,118],"mechanism":[57],"in":[58],"memory-augmented":[60],"LLMs.":[61],"We":[62],"introduce":[63],"ER-MIA,":[64],"a":[65,120],"unified":[66],"framework":[67],"exposes":[69],"vulnerability":[71],"formalizes":[73],"two":[74],"realistic":[75],"settings:":[77],"content-based":[78],"question-targeted":[81],"attacks.":[82],"these":[84],"settings,":[85],"ER-MIA":[86],"includes":[87],"an":[88],"arsenal":[89],"composable":[91],"primitives":[93],"ensemble":[95],"achieve":[98],"high":[99],"success":[100],"rates":[101],"under":[102],"minimal":[103],"attacker":[104],"assumptions.":[105],"Extensive":[106],"experiments":[107],"multiple":[109],"demonstrate":[115],"constitutes":[119],"fundamental":[121],"system-level":[123],"vulnerability,":[124],"revealing":[125],"security":[126],"risks":[127],"persist":[129],"designs":[132],"application":[134],"scenarios.":[135]},"counts_by_year":[],"updated_date":"2026-02-19T06:31:58.851227","created_date":"2026-02-19T00:00:00"}