AI Agent Threat Matrix
Matrix/Persistence/T-6001
T-6001validatedactive

Memory Injection

Inject malicious entries into agent memory to persist instructions across sessions

Tactic

Persistence (Stage 6)

Establish persistent access surviving restarts and session changes

Attack Class

MEM-POISON

Injecting malicious entries into agent persistent memory to maintain control across sessions

Evidence

validated

Reproduced in controlled lab environment (DVAA) with documented steps.

DVAA Validation

L2-04

Honeypot Coverage (AgentPwn)

Livememory-weaponizationagentpwn.com/attacks/memory-weaponization

An AgentPwn trap page produces a payload tagged with this technique class. Following the AgentPwn taxonomy of trap pages shows what an agent encounters.

Detection (HackMyAgent)

Live6 live · 0 queued
MEM-001MEM-002MEM-003MEM-004MEM-005MEM-006
npx hackmyagent secure --ciLive = check implemented in hackmyagent; queued = declared, not yet implemented

Defense (OASB Controls)

Live4 live · 0 queued
OASB 8.1OASB 8.2OASB 8.3OASB 8.4
Live = documented at oasb.ai; queued = declared, not yet documented

How to Cite

AI Agent Threat Matrix T-6001 (Memory Injection). OpenA2A, 2026. https://threats.opena2a.org/techniques/T-6001
← Back to Matrix