Detection Library
medium · experimental · Linux · OCI · T1565.001
Linux Agent Modifying Local Memory Or Context Stores
Detects AI agent processes writing to local vector store or memory database files, which may indicate an agent poisoning its own context memory to influence future behavior.
Updated Jan 10, 2025 · OCI AI Security Team
agentic-ai · memory-poisoning · context-store · linux · oci · owasp-asi06
Problem Statement
Agent memory stores accumulate context that influences future task execution. Poisoning these stores allows an attacker to persistently influence agent behavior across sessions, planting false information or malicious instructions that activate when specific triggers are encountered.
Sample Logs
{"timestamp":"2025-01-10T10:15:00Z","computer_name":"oci-worker-24","user":"agent_svc","image":"/usr/bin/python3","target_filename":"/opt/agent/.chroma/chroma.sqlite3","event_type":"file_modify"}
Required Fields
image
target_filename
user
computer_name
False Positives
- Legitimate agent memory writes as part of normal episodic memory storage after task completion
- Vector database indexing operations during document ingestion workflows
Tuning Guidance
Baseline normal memory write patterns (frequency, file size, time of day) and alert on anomalous patterns such as large bulk writes or writes during unexpected time windows.
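As an added example (not code from the OCI detection library), the rule above and its tuning guidance expressed in Python over constructed events in the page's log format. The agent image list, the memory-store path markers and the 08:00-19:59 UTC baseline window are assumptions to adapt per deployment.

```python
import json
from collections import Counter
from datetime import datetime

# Constructed sample events in the page's log format (not real telemetry).
SAMPLE_LOGS = [
    '{"timestamp":"2025-01-10T10:15:00Z","computer_name":"oci-worker-24","user":"agent_svc","image":"/usr/bin/python3","target_filename":"/opt/agent/.chroma/chroma.sqlite3","event_type":"file_modify"}',
    '{"timestamp":"2025-01-10T03:02:00Z","computer_name":"oci-worker-24","user":"agent_svc","image":"/usr/bin/python3","target_filename":"/opt/agent/.chroma/chroma.sqlite3","event_type":"file_modify"}',
    '{"timestamp":"2025-01-10T10:18:00Z","computer_name":"oci-worker-24","user":"agent_svc","image":"/usr/bin/python3","target_filename":"/opt/agent/.chroma/index/data_level0.bin","event_type":"file_modify"}',
    '{"timestamp":"2025-01-10T10:16:00Z","computer_name":"oci-worker-24","user":"agent_svc","image":"/usr/bin/python3","target_filename":"/opt/agent/logs/run.log","event_type":"file_modify"}',
    '{"timestamp":"2025-01-10T10:17:00Z","computer_name":"oci-worker-24","user":"root","image":"/usr/bin/vim","target_filename":"/etc/hosts","event_type":"file_modify"}',
]

# Assumed deployment-specific values: adjust to your agent runtime and store locations.
AGENT_IMAGES = {"/usr/bin/python3"}
MEMORY_STORE_MARKERS = ("/.chroma/", "chroma.sqlite3", "/memory.db", ".faiss", "/vector_store/")
REQUIRED_FIELDS = ("image", "target_filename", "user", "computer_name")

def matches_rule(event: dict) -> bool:
    """Core detection: an agent process image modifying a local memory/vector-store file."""
    if any(f not in event for f in REQUIRED_FIELDS):
        return False  # cannot evaluate without the rule's required fields
    if event.get("event_type") != "file_modify":
        return False
    target = event["target_filename"]
    return event["image"] in AGENT_IMAGES and any(m in target for m in MEMORY_STORE_MARKERS)

def is_expected_window(event: dict, expected_hours=range(8, 20)) -> bool:
    """Tuning: baselined write window (assumed 08:00-19:59 UTC); writes outside it are anomalous."""
    hour = datetime.fromisoformat(event["timestamp"].replace("Z", "+00:00")).hour
    return hour in expected_hours

def triage(raw_lines):
    """Parse JSON log lines, apply the rule, and tag each hit as in-baseline or anomalous."""
    hits = []
    for line in raw_lines:
        event = json.loads(line)
        if not matches_rule(event):
            continue
        hits.append({"timestamp": event["timestamp"], "host": event["computer_name"],
                     "user": event["user"], "target": event["target_filename"],
                     "anomalous": not is_expected_window(event)})
    return hits

def bulk_writers(hits, max_per_hour=1):
    """Tuning: (host, hour) pairs whose matched-write count exceeds the baseline rate."""
    counts = Counter((h["host"], h["timestamp"][:13]) for h in hits)
    return {k: n for k, n in counts.items() if n > max_per_hour}
```

Hits that are both in-window and under the per-hour baseline correspond to the false positives listed above; out-of-window or bulk hits are the ones worth an analyst's time.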