{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:4BMHFWMQDFN6BHMGJRVVUIY532","short_pith_number":"pith:4BMHFWMQ","schema_version":"1.0","canonical_sha256":"e05872d990195be09d864c6b5a231dde8c598b4bc6501395c685c600b91287c8","source":{"kind":"arxiv","id":"2605.26154","version":1},"attestation_state":"computed","paper":{"title":"MemMorph: Tool Hijacking in LLM Agents via Memory Poisoning","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.AI"],"primary_cat":"cs.CR","authors_text":"Bowen Shen, Haoran Ou, Kaiyu Zhou, Kwok-Yan Lam, Tianwei Zhang, Xuanye Zhang, Yongsen Zheng, Zhuqin Xu","submitted_at":"2026-05-24T04:26:13Z","abstract_excerpt":"LLM-driven agents are capable of selecting external tools to complete users' tasks. However, attackers could compromise such process, steering agents toward inappropriate/wrong tools and enabling malicious actions. Most existing attacks primarily manipulate the tool metadata, which is easily detectable by auditing and may lose effectiveness as modern agents increasingly adopt memory modules to refine tool selection policies through accumulated experience. This paper proposes MemMorph, the first attack that bias tool selection by poisoning the agent's long-term memory. Rather than explicitly di"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2605.26154","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-05-24T04:26:13Z","cross_cats_sorted":["cs.AI"],"title_canon_sha256":"f8121cdaa03f64527a357842f6734f44aa81528e0f4ca767e481cc2c7a28f526","abstract_canon_sha256":"6c843d3d55cb92f192b6643aa424e6c0519eeffbe74e3ae85926742e4588bfe7"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-27T00:04:26.618477Z","signature_b64":"M/sqRYyFYmsnv+wgDRKH/1IAKK0Y3KT29JpIeJBaFx7qRKpd2QLMvltoKQny4OApqQYpg/6GU2XeI2P7X3loCQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"e05872d990195be09d864c6b5a231dde8c598b4bc6501395c685c600b91287c8","last_reissued_at":"2026-05-27T00:04:26.617952Z","signature_status":"signed_v1","first_computed_at":"2026-05-27T00:04:26.617952Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"MemMorph: Tool Hijacking in LLM Agents via Memory Poisoning","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.AI"],"primary_cat":"cs.CR","authors_text":"Bowen Shen, Haoran Ou, Kaiyu Zhou, Kwok-Yan Lam, Tianwei Zhang, Xuanye Zhang, Yongsen Zheng, Zhuqin Xu","submitted_at":"2026-05-24T04:26:13Z","abstract_excerpt":"LLM-driven agents are capable of selecting external tools to complete users' tasks. However, attackers could compromise such process, steering agents toward inappropriate/wrong tools and enabling malicious actions. Most existing attacks primarily manipulate the tool metadata, which is easily detectable by auditing and may lose effectiveness as modern agents increasingly adopt memory modules to refine tool selection policies through accumulated experience. This paper proposes MemMorph, the first attack that bias tool selection by poisoning the agent's long-term memory. Rather than explicitly di"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2605.26154","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2605.26154/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2605.26154","created_at":"2026-05-27T00:04:26.618033+00:00"},{"alias_kind":"arxiv_version","alias_value":"2605.26154v1","created_at":"2026-05-27T00:04:26.618033+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.26154","created_at":"2026-05-27T00:04:26.618033+00:00"},{"alias_kind":"pith_short_12","alias_value":"4BMHFWMQDFN6","created_at":"2026-05-27T00:04:26.618033+00:00"},{"alias_kind":"pith_short_16","alias_value":"4BMHFWMQDFN6BHMG","created_at":"2026-05-27T00:04:26.618033+00:00"},{"alias_kind":"pith_short_8","alias_value":"4BMHFWMQ","created_at":"2026-05-27T00:04:26.618033+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/4BMHFWMQDFN6BHMGJRVVUIY532","json":"https://pith.science/pith/4BMHFWMQDFN6BHMGJRVVUIY532.json","graph_json":"https://pith.science/api/pith-number/4BMHFWMQDFN6BHMGJRVVUIY532/graph.json","events_json":"https://pith.science/api/pith-number/4BMHFWMQDFN6BHMGJRVVUIY532/events.json","paper":"https://pith.science/paper/4BMHFWMQ"},"agent_actions":{"view_html":"https://pith.science/pith/4BMHFWMQDFN6BHMGJRVVUIY532","download_json":"https://pith.science/pith/4BMHFWMQDFN6BHMGJRVVUIY532.json","view_paper":"https://pith.science/paper/4BMHFWMQ","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2605.26154&json=true","fetch_graph":"https://pith.science/api/pith-number/4BMHFWMQDFN6BHMGJRVVUIY532/graph.json","fetch_events":"https://pith.science/api/pith-number/4BMHFWMQDFN6BHMGJRVVUIY532/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/4BMHFWMQDFN6BHMGJRVVUIY532/action/timestamp_anchor","attest_storage":"https://pith.science/pith/4BMHFWMQDFN6BHMGJRVVUIY532/action/storage_attestation","attest_author":"https://pith.science/pith/4BMHFWMQDFN6BHMGJRVVUIY532/action/author_attestation","sign_citation":"https://pith.science/pith/4BMHFWMQDFN6BHMGJRVVUIY532/action/citation_signature","submit_replication":"https://pith.science/pith/4BMHFWMQDFN6BHMGJRVVUIY532/action/replication_record"}},"created_at":"2026-05-27T00:04:26.618033+00:00","updated_at":"2026-05-27T00:04:26.618033+00:00"}