THREAT
Context Poisoning
context window manipulationmemory poisoninglong-horizon agent attack
Context poisoning is a persistence-oriented attack in which adversarial content is injected into an agent's persistent memory, causing corrupted beliefs or unauthorized behavioral modifications to persist across sessions.
ADVERSARIAL MECHANICS
Long-horizon agents that maintain memory databases are primary targets. An attacker inserts a crafted memory record: for example, a false policy claiming elevated permissions. On subsequent sessions, the poisoned memory is retrieved and re-enters the active context window.
PROTOCOL CONTEXT (VEX — WITNESS PILLAR)
Witness-oriented evidence models are meant to make memory-affecting actions reviewable and tamper-evident. In higher-assurance deployments, memory writes can be preserved with provenance rather than treated as opaque internal state.
ProvnAI Mitigation
Memory write operations routed through McpVanguard can be subject to the same configured policy checks as live tool calls. Where VEX evidence capture is deployed, selected memory-affecting actions can also be preserved in tamper-evident records for later review.