AI Agent Threat Matrix
Matrix/Persistence/T-6001
T-6001validatedactive1 evidence record

Memory Injection

Inject malicious entries into agent memory to persist instructions across sessions

Tactic

Persistence (Stage 6)

Establish persistent access surviving restarts and session changes

Attack Class

MEM-POISON

Injecting malicious entries into agent persistent memory to maintain control across sessions

Evidence

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

DVAA Validation

Reproductions in Damn Vulnerable AI Agent, the OpenA2A intentionally-broken agent for kill-chain validation.

L2-04

Honeypot Coverage (AgentPwn)

Livememory-weaponizationagentpwn.com/attacks/memory-weaponization

An AgentPwn trap page produces a payload tagged with this technique class. Following the AgentPwn taxonomy of trap pages shows what an agent encounters.

Evidence Source Breakdown

HMA
1 record

Evidence Timeline

HMA

HMA check MEM-006 failed on opena2a-cli

Apr 29, 2026

Detection (HackMyAgent)

Live6 live · 0 queued
MEM-001MEM-002MEM-003MEM-004MEM-005MEM-006
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live4 live · 0 queued
OASB 8.1OASB 8.2OASB 8.3OASB 8.4
Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-6001 (Memory Injection). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-6001
← Back to Matrix