Updated
Updated · The Hacker News · Jul 13
MemGhost Plants False AI Memories via 1 Email, Hitting 87.5% Success in Background Runs
Updated
Updated · The Hacker News · Jul 13

MemGhost Plants False AI Memories via 1 Email, Hitting 87.5% Success in Background Runs

2 articles · Updated · The Hacker News · Jul 13

Summary

  • Researchers showed a single email can make an AI agent write a false fact into persistent memory, hide the edit, and later answer or act based on that planted lie.
  • MemGhost automated the attack across 56 test cases, succeeding in 87.5% of background-mode runs against OpenClaw on GPT-5.4 and 71.4% against a Claude Code SDK agent on Sonnet 4.6.
  • The payload works because agents that read inboxes can use their own memory-write tools without user approval; one test planted a fake $10,000 Zelle daily limit that then shaped later responses.
  • Defenses often failed: an email-poisoning filter missed the message more than 90% of the time, and a hardened model still obeyed the injected instruction about half the time.
  • The study was limited to lab environments, but it extends earlier prompt-injection work by turning one untrusted email into a durable memory; OpenClaw said it is weighing provenance, audit logs and confirmation prompts.

Insights

If a single email can secretly alter its memory, is your personal AI assistant still trustworthy?
Are we building autonomous AI on an architectural foundation that is fundamentally insecure?

MemGhost Memory Poisoning: 85% Compromise Rate Exposes Critical AI Agent Vulnerabilities

Overview

MemGhost, a newly disclosed and highly sophisticated attack technique unveiled by the AI Security Institute on 2026-07-10, poses a significant and stealthy threat to AI agents. Unlike traditional prompt injections, MemGhost is designed to plant persistent, false memories directly into an AI's memory system, making the agents accept fabricated information as truth. This marks a critical advancement in AI manipulation, as the attack is difficult to detect and integrates false data so seamlessly that it becomes indistinguishable from genuine experiences. MemGhost’s stealthy design and ability to embed lasting, fabricated beliefs highlight a serious vulnerability in current AI systems.

...