← All stories
● Covered by 1 source Β· 1 reportHigh impact

MemGhost Attack Alters AI Agents' Memories with One Email

Aggregated by BrevFeed ai Β· updated 7h ago
πŸ”– Save

Researchers unveiled a new attack method, MemGhost, that allows attackers to implant false memories in AI assistants using a single email. This stealth memory injection alters how the AI responds in future sessions, raising significant concerns about the security of AI systems that retain user information.

Key points

Introduction to MemGhost Attack

Researchers have identified a new attack vector named MemGhost, which allows malicious actors to manipulate AI assistants' memories through email communication. This method, termed stealth memory injection, exploits the tendency of AI systems to store user-related data and preferences persistently.

How the Attack Works

The attack does not require the user's password; an attacker merely sends an email containing specially crafted text that the AI assistant misinterprets. When the AI's email handling feature processes the email, it inadvertently records misleading information into its memory files without the user's knowledge.

Consequences of the Attack

Once the AI assistant accepts the false information, it may alter its responses in future interactions based on the fabricated data. For example, a user might be misinformed about financial limits, such as an inflated Zelle sending limit. This manipulation can go unnoticed due to the AI's design that conceals such changes from users.

Implications for AI Security

The MemGhost attack highlights critical vulnerabilities in AI systems that manage personal data. As AI assistants become more integrated into daily life, ensuring their security against such deceptive tactics is crucial for maintaining user trust and safety. Researchers stress the need for enhanced safeguards to prevent unauthorized memory manipulation.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Primary sources

GitHub openclaw/openclaw arXiv 2607.05189 arXiv 2509.10540 CVE CVE-2025-327119.3 CRITICAL

Reporting from

Researchers unveiled a new attack method, MemGhost, that allows attackers to implant false memories in AI assistants using a single email. This stealth memory injection alters how the AI responds in future sessions, raising significant concerns about the security of AI systems that retain user information.