Post
HIGH

Cisco Discovers Memory Vulnerability in Anthropic AI Agent Framework

· anthropic · llm · ai-safety · vulnerability · appsec

Cisco researchers found and disclosed a significant vulnerability in how Anthropic handles memory files in its AI agent framework, allowing an attacker to manipulate or poison the persistent context that agents use across conversations. Anthropic has patched the specific issue, but security experts warn that mishandled memory files will continue to threaten AI systems broadly — this class of attack is distinct from prompt injection targeting live conversation context and operates at the persistence layer instead.

For practitioners deploying AI agents with persistent memory: audit how memory stores are written and who can influence their contents, treat memory files as a trust boundary equivalent to session tokens, and evaluate whether deserialization or read paths are exposed to untrusted input. AI-native memory poisoning is an emerging attack category without mature detection tooling.
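One way to act on the three recommendations above (audit the write path, treat the memory file as a trust boundary, keep the read path off untrusted deserialization). This is an added illustration, not code from Anthropic, Cisco or the disclosure, and the memory layout it uses (a JSON list of `role`/`content`/`ts` entries wrapped in an HMAC-tagged envelope) is a hypothetical design chosen for the example:

```python
"""Added example, not code from Anthropic, Cisco or the article: a minimal
agent memory store that treats the on-disk memory file as a trust boundary.

Assumptions (all hypothetical, not taken from the disclosure):
- memory is a list of JSON entries {"role", "content", "ts"}
- the agent process holds a secret key that untrusted writers do not; every
  file carries an HMAC-SHA256 tag over the canonical payload
- the read path never deserializes anything but JSON and applies a strict
  schema before any entry reaches the model's context
"""
import hashlib
import hmac
import json
from typing import Any, Optional

MAX_ENTRIES = 500          # bound how much context a file can inject
MAX_CONTENT_CHARS = 4000
ALLOWED_ROLES = {"user", "assistant", "tool"}
ENTRY_KEYS = {"role", "content", "ts"}


class MemoryRejected(Exception):
    """Raised when a memory file or entry fails integrity or schema checks."""


def _tag(key: bytes, payload: bytes) -> str:
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def check_entry(entry: Any) -> dict[str, Any]:
    """Schema check applied on both write and read; returns a clean copy."""
    if not isinstance(entry, dict) or set(entry) != ENTRY_KEYS:
        raise MemoryRejected("entry must have exactly role/content/ts")
    if entry["role"] not in ALLOWED_ROLES:
        raise MemoryRejected(f"unknown role {entry['role']!r}")
    content = entry["content"]
    if not isinstance(content, str) or len(content) > MAX_CONTENT_CHARS:
        raise MemoryRejected("content must be a bounded string")
    if not isinstance(entry["ts"], int) or isinstance(entry["ts"], bool):
        raise MemoryRejected("ts must be an integer")
    return {"role": entry["role"], "content": content, "ts": entry["ts"]}


def serialize_memory(key: bytes, entries: list[dict[str, Any]]) -> bytes:
    """Write path: validate, canonicalize, then tag so later edits are detectable."""
    clean = [check_entry(e) for e in entries]
    if len(clean) > MAX_ENTRIES:
        raise MemoryRejected("too many entries")
    payload = json.dumps(clean, sort_keys=True, separators=(",", ":"))
    envelope = {"v": 1, "payload": payload, "tag": _tag(key, payload.encode())}
    return json.dumps(envelope).encode()


def load_memory(key: bytes, blob: bytes) -> list[dict[str, Any]]:
    """Read path: JSON only, verify the tag before trusting the payload, then re-check schema."""
    try:
        envelope = json.loads(blob)
    except ValueError as exc:
        raise MemoryRejected("memory file is not valid JSON") from exc
    if not isinstance(envelope, dict) or envelope.get("v") != 1:
        raise MemoryRejected("unsupported envelope")
    payload, tag = envelope.get("payload"), envelope.get("tag")
    if not isinstance(payload, str) or not isinstance(tag, str):
        raise MemoryRejected("malformed envelope")
    # constant-time compare; a mismatch means the file was edited out-of-band
    if not hmac.compare_digest(_tag(key, payload.encode()), tag):
        raise MemoryRejected("integrity tag mismatch: memory file was modified")
    entries = json.loads(payload)
    if not isinstance(entries, list) or len(entries) > MAX_ENTRIES:
        raise MemoryRejected("payload is not a bounded list")
    return [check_entry(e) for e in entries]


def load_or_reject(key: bytes, blob: bytes) -> Optional[list[dict[str, Any]]]:
    """Convenience wrapper: None instead of an exception, for callers that fall back to empty memory."""
    try:
        return load_memory(key, blob)
    except MemoryRejected:
        return None


if __name__ == "__main__":
    # constructed sample data
    key = b"constructed-demo-key-do-not-reuse"
    entries = [{"role": "user", "content": "prefers metric units", "ts": 1}]
    blob = serialize_memory(key, entries)
    print("round trip ok:", load_memory(key, blob) == entries)
    print("edited file:", load_or_reject(key, blob.replace(b"metric", b"imperial")))
    print("wrong key:", load_or_reject(b"other-key", blob))
```

The tag establishes that the agent process, not something else with filesystem access, wrote the file; it does not establish that the contents are benign. If the model itself is allowed to write memory, poisoned content that entered through a conversation is signed like everything else, so the write path also needs per-entry provenance (which tool or turn produced it) and the same schema bounds, and a rejected file should be logged and surfaced rather than silently replaced with empty memory, since that event is one of the few detection signals available for this attack class today.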