v0.6.0 - Agent Memory Poisoning Detection

@dockfixlabs dockfixlabs released this 05 Jul 01:55

NEW: ASI-MEMORY-POISON -- Beyond OWASP ASI Top 10

First scanner to detect Agent Memory Poisoning -- a novel attack vector where untrusted data is injected into an agent's persistent memory systems, corrupting ALL future decisions.

Unlike prompt injection (single-turn), memory poisoning is PERSISTENT. Once malicious content enters the vector store, RAG knowledge base, or conversation memory, it poisons every subsequent agent interaction until the store is purged.

What It Detects

  • Vector Database Poisoning: ChromaDB, Pinecone, Weaviate, Qdrant, FAISS, Milvus writes without sanitization
  • LangChain Memory Corruption: ConversationBufferMemory, ConversationSummaryMemory, ConversationKGMemory, VectorStoreRetrieverMemory
  • RAG Pipeline Injection: Document ingestion, text splitting, knowledge base writes
  • Agent Framework Memory: update_memory(), set_memory(), add_to_memory() without validation
  • Cross-Language: Python AND JavaScript/TypeScript support

Adversarial Self-Review

  • 8/8 adversarial edge cases correctly handled
  • Sanitization-aware: skips bleach.clean(), html.escape(), validated/escaped data paths
  • Rename-not-sanitize: still flags when variable renamed without actual sanitization
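The following is an added illustration of the sanitization-aware, rename-aware check that the sink list and the self-review items above describe; it is example code, not the scanner's own rule engine. It walks a Python AST, treats `request` and `user_input` as assumed untrusted roots, keeps the taint across plain renames, clears it on `html.escape()`/`bleach.clean()`, and flags writes to an assumed subset of the memory sinks listed above.

```python
import ast

# Constructed rule set modelled on the release notes (a small subset, not the scanner's own rules).
MEMORY_SINKS = {"add_texts", "add_documents", "upsert", "save_context", "update_memory", "set_memory", "add_to_memory"}
SANITIZERS = {"escape", "clean"}              # html.escape(), bleach.clean()
UNTRUSTED_ROOTS = {"request", "user_input"}   # assumed names of untrusted sources

def _is_untrusted(node, tainted):
    """True if the expression carries data derived from an untrusted source."""
    if isinstance(node, ast.Name):
        return node.id in tainted or node.id in UNTRUSTED_ROOTS
    if isinstance(node, (ast.Attribute, ast.Subscript, ast.FormattedValue)):
        return _is_untrusted(node.value, tainted)
    if isinstance(node, (ast.List, ast.Tuple, ast.Dict, ast.JoinedStr)):
        parts = node.elts if hasattr(node, "elts") else node.values
        return any(_is_untrusted(p, tainted) for p in parts if p is not None)
    if isinstance(node, ast.Call):
        fn = node.func
        if (fn.attr if isinstance(fn, ast.Attribute) else getattr(fn, "id", "")) in SANITIZERS:
            return False                      # a sanitizer call clears the taint
        return any(_is_untrusted(a, tainted) for a in node.args)
    return False

def find_memory_poison_sinks(source):
    """Return (line, sink) for each memory write that receives untrusted data."""
    tainted, findings = set(), []
    nodes = [n for n in ast.walk(ast.parse(source)) if isinstance(n, (ast.Assign, ast.Call))]
    for node in sorted(nodes, key=lambda n: (n.lineno, n.col_offset)):   # process in source order
        if isinstance(node, ast.Assign):
            for tgt in node.targets:
                if isinstance(tgt, ast.Name):  # `clean = raw` renames but does not sanitize
                    (tainted.add if _is_untrusted(node.value, tainted) else tainted.discard)(tgt.id)
            continue
        fn = node.func
        if isinstance(fn, ast.Attribute) and fn.attr in MEMORY_SINKS:
            args = node.args + [kw.value for kw in node.keywords]
            if any(_is_untrusted(a, tainted) for a in args):
                findings.append((node.lineno, fn.attr))
    return findings

# Constructed sample agent code: the two unsanitized writes are flagged, the escaped one is not.
SAMPLE = '''raw = request.json["text"]
renamed = raw                                   # rename, not sanitize
safe = html.escape(raw)
vectorstore.add_texts([renamed])                # flagged (line 4)
memory.save_context({"input": safe}, {"output": reply})
agent.update_memory(key="notes", value=f"user: {raw}")  # flagged (line 6)
'''
```

Running `find_memory_poison_sinks(SAMPLE)` returns `[(4, "add_texts"), (6, "update_memory")]`; the check is flow-insensitive, so it over-approximates branches and under-approximates sanitizers it does not know about.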

Numbers

  • 67 tests (8 new)
  • 36 benchmark samples (100% detection, 0 FP)
  • 14 detection rules
  • 26 memory sink patterns across 7 vector DBs + 4 agent frameworks

Full Changelog: v0.5.7...v0.6.0