[2602.15344] ER-MIA: Black-Box Adversarial Memory Injection Attacks on Long-Term Memory-Augmented Large Language Models
Summary
The paper presents ER-MIA, a framework for black-box adversarial memory injection attacks on long-term memory-augmented large language models, highlighting significant vulnerabilities in their retrieval mechanisms.
Why It Matters
As large language models increasingly integrate long-term memory systems, understanding their vulnerabilities is crucial for enhancing AI safety. This research exposes critical security risks that could be exploited, informing developers and researchers about potential attack vectors and the need for improved defenses.
Key Takeaways
- ER-MIA framework identifies vulnerabilities in memory-augmented LLMs.
- Two attack settings are formalized: content-based and question-targeted.
- Similarity-based retrieval mechanisms pose significant security risks.
- Extensive experiments reveal persistent vulnerabilities across various LLMs.
- The findings highlight the need for enhanced security measures in AI systems.
Computer Science > Machine Learning
arXiv:2602.15344 (cs)
[Submitted on 17 Feb 2026]
Title: ER-MIA: Black-Box Adversarial Memory Injection Attacks on Long-Term Memory-Augmented Large Language Models
Authors: Mitchell Piehl, Zhaohan Xi, Zuobin Xiong, Pan He, Muchao Ye
Abstract: Large language models (LLMs) are increasingly augmented with long-term memory systems to overcome finite context windows and enable persistent reasoning across interactions. However, recent research finds that LLMs become more vulnerable because memory provides extra attack surfaces. In this paper, we present the first systematic study of black-box adversarial memory injection attacks that target the similarity-based retrieval mechanism in long-term memory-augmented LLMs. We introduce ER-MIA, a unified framework that exposes this vulnerability and formalizes two realistic attack settings: content-based attacks and question-targeted attacks. In these settings, ER-MIA includes an arsenal of composable attack primitives and ensemble attacks that achieve high success rates under minimal attacker assumptions. Extensive experiments across multiple LLMs and long-term memory systems demonstrate that similarity-based retrieval constitutes a fundamental and system-level vulnerability, revealing security risks t...