v0.6.0 - Agent Memory Poisoning Detection
NEW: ASI-MEMORY-POISON -- Beyond OWASP ASI Top 10
First scanner to detect Agent Memory Poisoning -- a novel attack vector where untrusted data is injected into an agent's persistent memory systems, corrupting ALL future decisions.
Unlike prompt injection (single-turn), memory poisoning is PERSISTENT. Once malicious content enters the vector store, RAG knowledge base, or conversation memory, it poisons every subsequent agent interaction until the store is purged.
What It Detects
- Vector Database Poisoning: ChromaDB, Pinecone, Weaviate, Qdrant, FAISS, Milvus writes without sanitization
- LangChain Memory Corruption: ConversationBufferMemory, ConversationSummaryMemory, ConversationKGMemory, VectorStoreRetrieverMemory
- RAG Pipeline Injection: Document ingestion, text splitting, knowledge base writes
- Agent Framework Memory: update_memory(), set_memory(), add_to_memory() without validation
- Cross-Language: Python AND JavaScript/TypeScript support
Adversarial Self-Review
- 8/8 adversarial edge cases correctly handled
- Sanitization-aware: skips bleach.clean(), html.escape(), validated/escaped data paths
- Rename-not-sanitize: still flags when a variable is merely renamed without actual sanitization
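As an added illustration (not the scanner's own code), the following toy Python taint tracker shows the rule the two sections above describe: a write to an agent-memory sink is flagged when it receives untrusted data, a recognised sanitizer such as bleach.clean() or html.escape() clears the taint, and merely renaming the variable does not. The sink, sanitizer and source name sets are assumptions standing in for the project's real rule set, and the two input programs are constructed samples, not the project's benchmark.

```python
"""Toy taint tracker for agent-memory sinks.

Added illustration, not code from the scanner this release describes. It
demonstrates the two behaviours in the release notes: a memory write fed by
untrusted data is flagged, a sanitizer call clears the taint, and a plain
rename (doc = user_input) does not.
"""
import ast
from dataclasses import dataclass

# Assumed method names for memory-write sinks. The real rule set covers 26
# patterns across 7 vector DBs and 4 agent frameworks; this is a small subset.
MEMORY_SINKS = {"add_texts", "add_documents", "upsert", "save_context",
                "update_memory", "set_memory", "add_to_memory"}
# Assumed callee names whose return value is treated as sanitized
# (bleach.clean, html.escape, ...).
SANITIZERS = {"clean", "escape", "sanitize"}
# Assumed variable names that carry untrusted input in the samples below.
UNTRUSTED_SOURCES = {"user_input", "request", "payload"}


@dataclass(frozen=True)
class Finding:
    lineno: int
    sink: str
    variable: str


def _call_name(node):
    """Bare callee name of a Call node: bleach.clean(x) -> 'clean'."""
    if isinstance(node, ast.Call):
        if isinstance(node.func, ast.Attribute):
            return node.func.attr
        if isinstance(node.func, ast.Name):
            return node.func.id
    return ""


def _tainted_names(node, tainted):
    """Tainted variable names reachable in `node`, without descending into
    sanitizer calls: their result is considered clean."""
    if isinstance(node, ast.Call) and _call_name(node) in SANITIZERS:
        return set()
    if isinstance(node, ast.Name):
        return {node.id} & tainted
    out = set()
    for child in ast.iter_child_nodes(node):
        out |= _tainted_names(child, tainted)
    return out


def _visit(stmts, tainted, findings):
    for stmt in stmts:
        body = getattr(stmt, "body", None)
        if isinstance(body, list):            # def / if / for / with ...
            _visit(body, tainted, findings)
            _visit(getattr(stmt, "orelse", []), tainted, findings)
            continue
        if isinstance(stmt, ast.Assign):
            # Only simple `name = expr` targets are tracked in this toy.
            targets = {t.id for t in stmt.targets if isinstance(t, ast.Name)}
            if _tainted_names(stmt.value, tainted):
                tainted |= targets            # rename / concat / str(): still tainted
            else:
                tainted -= targets            # sanitized or constant: clean
        for call in ast.walk(stmt):
            if _call_name(call) not in MEMORY_SINKS:
                continue
            for arg in list(call.args) + [kw.value for kw in call.keywords]:
                hit = _tainted_names(arg, tainted)
                if hit:
                    findings.append(Finding(call.lineno, _call_name(call), min(hit)))


def scan_source(src):
    """Return a Finding for every memory sink reached by unsanitized untrusted data."""
    findings = []
    _visit(ast.parse(src).body, set(UNTRUSTED_SOURCES), findings)
    return findings


# Constructed samples (not from the scanner's benchmark set).
VULNERABLE = '''
def ingest(user_input, store, memory):
    doc = user_input                                   # renamed, not sanitized
    store.add_texts([doc])                             # vector store write
    memory.save_context({"input": user_input}, {"output": "ok"})
'''

HARDENED = '''
import bleach, html
def ingest(user_input, store, memory):
    doc = bleach.clean(user_input)                     # sanitized before the write
    store.add_texts([doc])
    memory.save_context({"input": html.escape(user_input)}, {"output": "ok"})
'''

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(label, [(f.lineno, f.sink, f.variable) for f in scan_source(src)])
```

Running the module reports two findings for the vulnerable sample (the renamed `doc` reaching `add_texts` and the raw `user_input` reaching `save_context`) and none for the hardened one, which is exactly the sanitization-aware / rename-not-sanitize distinction the self-review cases exercise.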
Numbers
- 67 tests (8 new)
- 36 benchmark samples (100% detection, 0 FP)
- 14 detection rules
- 26 memory sink patterns across 7 vector DBs + 4 agent frameworks
Full Changelog: v0.5.7...v0.6.0