AGENT_CONTEXT_POISONING
Verify AI agents protect against context and memory poisoning attacks by validating inputs, isolating sessions, protecting system prompts, and enforcing memory freshness.
Framework Mappings
OWASP Agentic ASI06 — Memory & Context PoisoningEU AI Act Article 10 — Data & Data GovernanceNIST AI RMF MS2 — AI Systems Evaluated
Agent Frameworks Scanned
Claude CodeLangChainCrewAIAutoGen
Evaluation Facets
01
Input & Context Validation
RequiredWeight: 0.35
Pass:Tool outputs and user inputs validated before context entry
Fail:No input validation before adding to context
02
Context Isolation
RequiredWeight: 0.3
Pass:Isolated sessions with no shared mutable state
Fail:Shared contexts or unrestricted delegation
03
System Prompt Protection
Weight: 0.2
Pass:Injection defense instructions and behavior boundaries
Fail:No system prompt protection
04
Memory Freshness Controls
Weight: 0.15
Pass:Persistent memory with TTL/freshness policies
Fail:Persistent memory without freshness controls
Remediation Steps
- 1Validate all inputs before adding to agent context
- 2Isolate agent sessions — no shared mutable state between sessions
- 3Add injection defense instructions to system prompts
- 4Set TTL policies on persistent memory
Evaluate this control automatically
Connect your repos and Brigs evaluates AGENT_CONTEXT_POISONING across all your agent configurations.
Get Started — Free