When AI Agents Get Their Memory Poisoned

Something most founders haven't thought about yet

AI agents are getting a lot more useful because they remember things. You finish a conversation with your agent on Monday, and by Friday it still knows your preferences, your clients' names, your usual way of doing things. That memory is genuinely valuable.

But that memory can be tampered with.

Imagine someone slipping a note into your assistant's notebook — something that looks harmless but quietly changes how they respond to you later. That's essentially what memory poisoning is. A bad actor plants some malicious text in the places your AI agent reads from, and the next time the agent goes to help you, it's working from corrupted instructions. It might leak private information. It might take actions you never asked for.

OWASP — the people who've been cataloguing software security risks for decades — have named this a top-six risk for AI systems. And they've now built a free tool called Agent Memory Guard to address it directly.

It sits quietly between your agent and its memory, checking every piece of information that goes in or comes out. Think of it as a metal detector at the door — most days, nothing triggers it. But it's there.

If you're building anything with AI agents — or planning to — this is the kind of thing worth knowing exists before you need it.

Words worth knowing

AI agent — an AI that can take actions on your behalf, not just answer questions. It might book things, send emails, or look things up automatically.

Vector store / memory store — the place where an agent saves what it's learned across conversations. Like a notebook it keeps coming back to.

Memory poisoning — when someone secretly corrupts that notebook so the agent behaves in unintended ways.

OWASP — a respected, nonprofit group that publishes plain-language guides to software risks. Not affiliated with any vendor. Generally trusted.