S0085Significant

上下文視窗記憶體投毒

Operation & Monitoring

Risk Description

In long conversations or multi-turn interactions, attackers plant malicious instruction fragments in early dialogue that gradually accumulate in the context window, activating only when trigger conditions are met. As humans cannot track all prior conversation content in long contexts, this attack is highly covert. Especially in AI Agent persistent memory scenarios, poisoning effects may persist across multiple work sessions.

Framework Mappings

iso 23894R2
cosaiPrompt Injection
owasp llmLLM01
tw principle資安與安全
tw risk type技術設計缺陷(Technical Design Flaw)

Controls English translation pending

  • 上下文安全掃描
  • 記憶體定期清理

Implementation Steps English translation pending

  1. 對上下文視窗內容進行定期安全掃描,偵測累積性的指令模式
  2. 實施記憶體定期清理策略,限制歷史對話的保留範圍
  3. 對 Agent 持久化記憶設立安全審查機制
  4. 部署即時的對話意圖分析,識別跨輪次的攻擊協調行為