AI agents keep memory across sessions. Conversation history, vector stores, scratchpads, and RAG indexes persist between runs, and anything written into that store becomes a privileged input the agent reads back later. An attacker who plants text in the wrong field can override an agent’s instructions, pull out user data, or steer future tool calls,…
Everything is ideas, the rest is nature.
