OWASP ASI06 Memory and Context Poisoning

What is OWASP ASI06 Memory and Context Poisoning?

Memory and context poisoning plants false information in long-term agent state - session memory, user profiles, or RAG indexes - so every later turn inherits the lie.

What this looks like in production

Unlike one-shot injection, poisoned memory is durable. Retrieval still looks confident; only the source was wrong weeks ago.

What teams usually do about it

  • Validate before writing to durable memory.
  • Version, expire, and audit long-lived agent state.

Further reading on Giskard

Official OWASP reference

Get AI security insights in your inbox