Hijacking Agent Memory: Stealthy Trojan Attacks Through Conversational Interaction
arXiv·high signal
Introduces a new attack surface for LLM agents with long-term memory. Unlike prior memory poisoning that assumes direct write access, this attack works through normal conversational interaction, bypassing selective extraction and rewriting stages in modern memory pipelines. Critical finding for anyone building persistent agent architectures with memory modules.