{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:VOPMAZ7VFBKHHWSOTB4ZE2FRXE","short_pith_number":"pith:VOPMAZ7V","schema_version":"1.0","canonical_sha256":"ab9ec067f5285473da4e98799268b1b9055df60f7d3d8342730f0e786755aff1","source":{"kind":"arxiv","id":"2606.04329","version":1},"attestation_state":"computed","paper":{"title":"From Untrusted Input to Trusted Memory: A Systematic Study of Memory Poisoning Attacks in LLM Agents","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.AI"],"primary_cat":"cs.CR","authors_text":"Aditi Jain, Pritam Dash, Tanmay Shah, Tongyu Ge, Zhiwei Shang","submitted_at":"2026-06-03T01:04:13Z","abstract_excerpt":"Memory is a core component of AI agents, enabling them to accumulate knowledge across interactions and improve performance. However, persistent memory introduces the risk of memory poisoning, where a single adversarial memory write can exert long-term influence over agent behavior. We present a systematic study of memory poisoning in LLM-based agents. We identify four memory write channels and nine structural vulnerabilities in model capabilities, system prompt design, and agent system architecture that make these channels exploitable. Based on these vulnerabilities, we develop a taxonomy of s"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2606.04329","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-03T01:04:13Z","cross_cats_sorted":["cs.AI"],"title_canon_sha256":"a388a889bb7816bd92a10c17dc2278c01208908d60688c32924d56770758e751","abstract_canon_sha256":"ca578a4ddcaf842cd1b2d11140310c336e0c07725dcb2225a7b4fc6ed2ee1f08"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-04T01:09:03.788286Z","signature_b64":"hWkLo1sgHFdpEVK2tC+q4MvWN+VKQKJyMtfWxJPWs2Q4OqHykcsrUwjaG890ef2k78EefvE9V2hg2UxdKvjXAA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"ab9ec067f5285473da4e98799268b1b9055df60f7d3d8342730f0e786755aff1","last_reissued_at":"2026-06-04T01:09:03.787122Z","signature_status":"signed_v1","first_computed_at":"2026-06-04T01:09:03.787122Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"From Untrusted Input to Trusted Memory: A Systematic Study of Memory Poisoning Attacks in LLM Agents","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.AI"],"primary_cat":"cs.CR","authors_text":"Aditi Jain, Pritam Dash, Tanmay Shah, Tongyu Ge, Zhiwei Shang","submitted_at":"2026-06-03T01:04:13Z","abstract_excerpt":"Memory is a core component of AI agents, enabling them to accumulate knowledge across interactions and improve performance. However, persistent memory introduces the risk of memory poisoning, where a single adversarial memory write can exert long-term influence over agent behavior. We present a systematic study of memory poisoning in LLM-based agents. We identify four memory write channels and nine structural vulnerabilities in model capabilities, system prompt design, and agent system architecture that make these channels exploitable. Based on these vulnerabilities, we develop a taxonomy of s"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.04329","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2606.04329/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2606.04329","created_at":"2026-06-04T01:09:03.787192+00:00"},{"alias_kind":"arxiv_version","alias_value":"2606.04329v1","created_at":"2026-06-04T01:09:03.787192+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.04329","created_at":"2026-06-04T01:09:03.787192+00:00"},{"alias_kind":"pith_short_12","alias_value":"VOPMAZ7VFBKH","created_at":"2026-06-04T01:09:03.787192+00:00"},{"alias_kind":"pith_short_16","alias_value":"VOPMAZ7VFBKHHWSO","created_at":"2026-06-04T01:09:03.787192+00:00"},{"alias_kind":"pith_short_8","alias_value":"VOPMAZ7V","created_at":"2026-06-04T01:09:03.787192+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/VOPMAZ7VFBKHHWSOTB4ZE2FRXE","json":"https://pith.science/pith/VOPMAZ7VFBKHHWSOTB4ZE2FRXE.json","graph_json":"https://pith.science/api/pith-number/VOPMAZ7VFBKHHWSOTB4ZE2FRXE/graph.json","events_json":"https://pith.science/api/pith-number/VOPMAZ7VFBKHHWSOTB4ZE2FRXE/events.json","paper":"https://pith.science/paper/VOPMAZ7V"},"agent_actions":{"view_html":"https://pith.science/pith/VOPMAZ7VFBKHHWSOTB4ZE2FRXE","download_json":"https://pith.science/pith/VOPMAZ7VFBKHHWSOTB4ZE2FRXE.json","view_paper":"https://pith.science/paper/VOPMAZ7V","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2606.04329&json=true","fetch_graph":"https://pith.science/api/pith-number/VOPMAZ7VFBKHHWSOTB4ZE2FRXE/graph.json","fetch_events":"https://pith.science/api/pith-number/VOPMAZ7VFBKHHWSOTB4ZE2FRXE/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/VOPMAZ7VFBKHHWSOTB4ZE2FRXE/action/timestamp_anchor","attest_storage":"https://pith.science/pith/VOPMAZ7VFBKHHWSOTB4ZE2FRXE/action/storage_attestation","attest_author":"https://pith.science/pith/VOPMAZ7VFBKHHWSOTB4ZE2FRXE/action/author_attestation","sign_citation":"https://pith.science/pith/VOPMAZ7VFBKHHWSOTB4ZE2FRXE/action/citation_signature","submit_replication":"https://pith.science/pith/VOPMAZ7VFBKHHWSOTB4ZE2FRXE/action/replication_record"}},"created_at":"2026-06-04T01:09:03.787192+00:00","updated_at":"2026-06-04T01:09:03.787192+00:00"}