Back to Glossary
THREAT

Context Poisoning

context window manipulationmemory poisoninglong-horizon agent attack

Context poisoning is a persistence-oriented attack in which adversarial content is injected into an agent's persistent memory, causing corrupted beliefs or unauthorized behavioral modifications to persist across sessions.

ADVERSARIAL MECHANICS

Long-horizon agents that maintain memory databases are primary targets. An attacker inserts a crafted memory record: for example, a false policy claiming elevated permissions. On subsequent sessions, the poisoned memory is retrieved and re-enters the active context window.

PROTOCOL CONTEXT (VEX — WITNESS PILLAR)

The VEX Protocol's Witness pillar requires all memory write events to be logged with cryptographic provenance. A memory record that lacks a valid Witness Log entry is treated as untrusted and quarantined during retrieval.

ProvnAI Mitigation

Memory write operations routed through McpVanguard are subject to the same scanning as live tool calls. The VEX Witness pillar enforces write-time attestation: every record receives a tamper-evident entry in the Merkle Audit Trail.