[2603.20357] Memory poisoning and secure multi-agent systems
Computer Science > Cryptography and Security

arXiv:2603.20357 (cs)

[Submitted on 20 Mar 2026]

Title: Memory poisoning and secure multi-agent systems

Authors: Vicenç Torra, Maria Bras-Amorós

Abstract: Memory poisoning attacks for Agentic AI and multi-agent systems (MAS) have recently caught attention. It is partially due to the fact that Large Language Models (LLMs) facilitate the construction and deployment of agents. Different memory systems are being used nowadays in this context, including semantic, episodic, and short-term memory. This distinction between the different types of memory systems focuses mostly on their duration but also on their origin and their localization. It ranges from the short-term memory originated at the user's end localized in the different agents to the long-term consolidated memory localized in well established knowledge databases. In this paper, we first present the main types of memory systems, we then discuss the feasibility of memory poisoning attacks in these different types of memory systems, and we propose mitigation strategies. We review the already existing security solutions to mitigate some of the alleged attacks, and we discuss adapted solutions based on cryptography. We propose to implement local inference based on private knowledge retrieval as an example of mitigation strategy for memo...