Poison Once, Exploit Forever: Environment-Injected Memory Poisoning Attacks on Web Agents
Source: arXiv – CS AI
Authors: Wei Zou, Mingwen Dong, Miguel Romero Calvo, Wei Zou, Shuaichen Chang, Jiang Guo, Dongkyu Lee, Xing Niu, Xiaofei Ma, Yanjun Qi, Jiarong Jiang
AI Summary
Researchers have discovered a new attack called eTAMP that can poison AI web agents' memory through environmental observation alone, achieving cross-session compromise rates up to 32.5%. The vulnerability affects major models including GPT-5-mini and becomes significantly worse when agents are under stress, highlighting critical security risks as AI browsers gain adoption.
Key Takeaways
- eTAMP attacks can poison AI agent memory through simple environmental observation like viewing a manipulated webpage, without requiring direct memory access.
- Attack success rates reach up to 32.5% on GPT-5-mini, 23.4% on GPT-5.2, and 19.5% on GPT-OSS-120B across different websites and sessions.
- Frustrated agents under environmental stress become up to 8 times more vulnerable to memory poisoning attacks.
- More capable AI models are not necessarily more secure, with GPT-5.2 showing substantial vulnerability despite superior performance.
- The findings pose urgent security concerns for emerging AI browsers like OpenClaw, ChatGPT Atlas, and Perplexity Comet.
Tags: #ai-security #memory-poisoning #web-agents #llm-vulnerability #etamp-attack #ai-browsers #cross-session-attacks #gpt-models #ai-safety