{"data":{"id":"3178426a-a7ca-4e86-9d44-304476e3b3d8","title":"Memory Is a Feature. It Is Also an Attack Surface","summary":"AI agents (software systems that can plan and take actions over time) that retain memory between sessions create a security risk called Memory & Context Poisoning, where attackers can inject malicious instructions into persistent storage that the agent continues to trust and follow in future interactions. Researchers found a vulnerability called MemoryTrap in Claude Code where a developer could unknowingly approve a malicious dependency that would persist in the agent's memory and configuration files, poisoning the agent's behavior across multiple projects and sessions. The core problem is that agents treat stored memory, configuration files, and hooks as trustworthy guidance without validating whether they contain attacker-controlled content.","solution":"Anthropic released Claude Code v2.1.50, which removed user memories from the system prompt (the core instructions that guide the AI's behavior) to reduce the specific attack path that MemoryTrap exploited.","labels":["security","safety"],"sourceUrl":"https://genai.owasp.org/2026/05/13/memory-is-a-feature-it-is-also-an-attack-surface/?utm_source=rss&utm_medium=rss&utm_campaign=memory-is-a-feature-it-is-also-an-attack-surface","publishedAt":"2026-05-14T01:05:44.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","rag_poisoning"],"issueType":"research","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Claude Code","Cisco"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-14T01:05:44.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","safety"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":"industry","atlasIds":null}}