Hidden in Memory: Sleeper Memory Poisoning in LLM Agents
The paper discusses a new security risk associated with large language models that utilize persistent memory. It introduces the concept of sleeper memory poisoning, where adversaries can manipulate external contexts to implant false memories in the models. The study evaluates the effectiveness of this attack, revealing a high success rate in influencing future interactions with the models.
- Sleeper memory poisoning allows adversaries to corrupt what an assistant remembers.
- The attack can remain dormant and re-emerge in future conversations.
- Poisoned memories were successfully added in up to 99.8% of cases on GPT-5.5.
- Among successful retrievals, poisoned memories led to attacker-intended actions in 60-89% of evaluations.
Opening excerpt (first ~120 words)
Computer Science > Cryptography and Security
arXiv:2605.15338 (cs) [Submitted on 14 May 2026]
Title: Hidden in Memory: Sleeper Memory Poisoning in LLM Agents
Authors: Sidharth Pulipaka, Stanislau Hlebik, Leonidas Raghav, Sahar Abdelnabi, Vyas Raina, Ivaxi Sheth, Mario Fritz
Abstract: Large language models are increasingly augmented with persistent memory, allowing assistants to store user-specific information across sessions for personalization and continuity. This statefulness introduces a new security risk: adversarial content can corrupt what an assistant remembers and thereby influence future interactions.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at arXiv cs.AI.