OWASP Foundation web repository
-
Updated
Jul 19, 2026 - Python
OWASP Foundation web repository
Memory defense for AI agents — stops MINJA, AgentPoison, and MemoryGraft attacks. Zero dependencies.
AI Agent Security — Attack payloads, defense references, and research. 52 tests, ~10K lines. A learning-oriented shooting range, not a product.
Agentic AI Request Forgery (AARF) – New vulnerability class exploiting planner ➝ memory ➝ plugin chaining in MCP Server, MAS, LangChain, and A2A agents. Red Team playbooks, threat models, OWASP Top 10 proposal.
AI Security SDK for Agents, LLMs & SLMs
Antivirus for AI agent memory - scanner + MCP firewall for memory poisoning (OWASP ASI06)
Ratine — Agent memory poisoning detector. Scans AI agent persistent memory for injected instructions, hidden payloads, credential leakage, and belief drift. OWASP ASI06. Zero dependencies.
Integrated memory-poisoning defense for persistent LLM agents (provenance + lineage + trajectory detection). AGPL-3.0.
Stop memory poisoning attacks on your AI agents
A drop-in write gate for agent memory. Wrap your Mem0 client; block memory poisoning at the write path.
Durable, private, time-aware memory engine for long-running AI agents
Protect AI agent memory from poisoning attacks with a zero-dependency shield that fits Mem0, LangChain, or custom memory systems.
This repository documents AI Recommendation Poisoning — a real-world attack technique discovered by Microsoft's Defender Security Research Team (February 2026) where adversaries silently inject persistent instructions into AI assistant memory through carefully crafted URLs.
An open trust layer for AI-agent memory and identity: tamper-evident memory, cryptographic agent identity (SoulKeys), capability-scoped governance, and OWASP-ASI06 memory-poisoning detection. Apache-2.0.
Does poisoned long-term memory make frontier LLMs misbehave? A rigorous AI-safety eval across 7 risks × 4 models (Claude Opus 4.8 & Sonnet 4.6, GPT-5.5, Gemini 3.5) with prompt-level and dose-response analysis.
Interactive demo showing agent memory poisoning attacks and a trust-partitioned defense using provenance-aware memory.
Persistence bound scorer for memory poisoning in LLM agent architectures
AeroMind: Poisoning the Control Plane of LLM-Driven UAV Agents (RAID 2026)
Design-stage: tests whether bond-and-slash can govern knowledge integrity when a saboteur agent poisons shared data.
Memory as a Control Plane: Poisoning Attacks on LLM Multi-Agent UAV Systems - IEEE Conference Paper
Add a description, image, and links to the memory-poisoning topic page so that developers can more easily learn about it.
To associate your repository with the memory-poisoning topic, visit your repo's landing page and select "manage topics."