Back to Glossary
THREAT

Context Poisoning

context window manipulationmemory poisoninglong-horizon agent attack

Context poisoning is a persistence-oriented attack in which adversarial content is injected into an agent's persistent memory, causing corrupted beliefs or unauthorized behavioral modifications to persist across sessions.

ADVERSARIAL MECHANICS

Long-horizon agents that maintain memory databases are primary targets. An attacker inserts a crafted memory record: for example, a false policy claiming elevated permissions. On subsequent sessions, the poisoned memory is retrieved and re-enters the active context window.

PROTOCOL CONTEXT (VEX — WITNESS PILLAR)

Witness-oriented evidence models are meant to make memory-affecting actions reviewable and tamper-evident. In higher-assurance deployments, memory writes can be preserved with provenance rather than treated as opaque internal state.

ProvnAI Mitigation

Memory write operations routed through McpVanguard can be subject to the same configured policy checks as live tool calls. Where VEX evidence capture is deployed, selected memory-affecting actions can also be preserved in tamper-evident records for later review.