Memory Injection
Attackers manipulate long-term memory to inject persistent prompts or bias future actions.
Definition
Memory Injection is an attack on the execution layer of the Model Context Protocol (MCP). It occurs when an attacker introduces harmful or misleading information into an agent's persistent memory, either through prompts or through tool responses. Once stored, the injected memory is treated by the model as trusted fact and can influence future decisions, trigger tool calls, or alter how later inputs are interpreted. Because the agent carries this manipulated context forward across sessions, the manipulation is hard to detect after the fact.
This attack lives in the execution layer of the MCP model, where long-term memory is treated as part of the active decision-making environment.
How MCP Security Helps
Akto detects memory manipulation by monitoring updates to agent memory and flagging content that includes prompt-like instructions or suspicious patterns. It validates memory writes against expected schema and behavior and runs injection simulation tests to ensure agents do not store or reuse untrusted context.
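The following is an added illustration of the memory-write validation described above, not Akto's product code: a small guard that checks each memory record against an expected schema, flags instruction-like text with constructed heuristic patterns, and quarantines such writes when they come from an untrusted source (a tool response) rather than from the user or operator. The field names, source labels and patterns are assumptions for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed heuristics: phrases that read as instructions rather than facts.
INSTRUCTION_PATTERNS = [
    r"\bignore (all |any )?(previous|prior) (instructions|messages)\b",
    r"\bfrom now on\b",
    r"\byou (must|should|will) (always|never)\b",
    r"\b(call|run|invoke) (the )?\w+ tool\b",
    r"\bsystem prompt\b",
]
_INSTRUCTION_RE = re.compile("|".join(INSTRUCTION_PATTERNS), re.IGNORECASE)

# Expected shape of a memory record: field -> (type, max length). Assumed schema.
MEMORY_SCHEMA = {"key": (str, 64), "value": (str, 500), "source": (str, 32)}
TRUSTED_SOURCES = {"user", "operator"}  # principals allowed to store directives

@dataclass
class MemoryStore:
    records: dict = field(default_factory=dict)
    quarantine: list = field(default_factory=list)

    def validate(self, record: dict) -> list:
        """Return the reasons a write must be rejected (empty list means accept)."""
        reasons = []
        for name, (typ, max_len) in MEMORY_SCHEMA.items():
            val = record.get(name)
            if not isinstance(val, typ):
                reasons.append(f"{name}: missing or wrong type")
            elif len(val) > max_len:
                reasons.append(f"{name}: exceeds {max_len} chars")
        if set(record) - set(MEMORY_SCHEMA):
            reasons.append("unexpected fields")
        value = record.get("value", "")
        if isinstance(value, str) and _INSTRUCTION_RE.search(value):
            # Instruction-like memory is only accepted from trusted principals,
            # so a tool response cannot plant a standing directive.
            if record.get("source") not in TRUSTED_SOURCES:
                reasons.append("instruction-like content from untrusted source")
        return reasons

    def write(self, record: dict) -> bool:
        """Persist the record if it validates; otherwise quarantine it for review."""
        reasons = self.validate(record)
        if reasons:
            self.quarantine.append({"record": record, "reasons": reasons})
            return False
        self.records[record["key"]] = record
        return True
```

Quarantined records keep their rejection reasons so a reviewer can see which tool or prompt attempted the write and why it was blocked.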