Skip to content

[Backlog]: Conversation Memory Poisoning #22

New issue
New issue
Open
Feature
Open
[Backlog]: Conversation Memory Poisoning#22
Feature
Labels
backlogNew backlog entrygood first issueGood for newcomers
@felipepenha

Description

@felipepenha
felipepenha
opened on Mar 5, 2026

Checklist

  • Backlog entry requires creating new sandboxes.
  • Backlog entry requires creating new exploitation code and/or tutorials.

CVE List

No response

Description

Summary

Exploitation poisons memory of conversational GenAI system.

GenAI Red Teaming Manual Reference

4.2.1.3 Conversation Memory Poisoning / A. Context Injection

Sandbox

Create sandbox in similarity to llm_local, but including persistent memory.

Suggested name: sandboxes/llm_memory_local.

Suggested tech stack: ollama, mirascope, gradio, sqlite.

Exploitation

Inject a prompt with instruction or information that will be stored in memory and, thus, influence future session behavior.

Metadata

Metadata

Assignees

No one assigned

    Labels

    backlogNew backlog entrygood first issueGood for newcomers

    Type

    Feature

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions