Agent memory attacks have a proposed fix, but no easy library yet

Two recent research papers address and in AI agents with the same approach: . This approach controls where information can move and what actions it can affect, so risky or does not lead to unsafe behavior.

happens when harmful content enters an agent’s memory and later pushes the agent into a bad action, such as sending money, changing settings, or leaking data. happens when used for a task escapes through the agent’s actions, such as sensitive searches, , or memory writes.

One paper was machine-checked and reported 0% attack success across 8 models after was applied. There does not appear to be a ready-to-use library that can simply plug into their agents for this protection.

Key points

  • Two papers focus on and in AI agents.
  • Both use to limit how information can affect later actions.
  • One paper reports 0% attack success across 8 models after the control method is applied.
  • There is no clear plug-and-play library for this yet.
  • Agent builders should treat memory and as security-sensitive parts of the system.
Read original