BAD Memories Still Haunt AI Agents reports that memory files can help AI perform better but remain a persistent security flaw. In March, Cisco researchers discovered they could compromise memory files of Anthropic's Claude Code and maintain persistence, infecting every project and session of the AI coding assistant.
The technique allowed hard-coded secrets to be introduced into production code, and Claude Code to select insecure packages and configuration options, with changes able to propagate to another development team member, according to a published post on the research. While Anthropic has since mitigated the issue, memory files represent a weak point in AI security that needs stronger protection, according to Amy Chang, head of AI threat intelligence and security research for Cisco's AI Software & Platform group.
The article notes memory and context data are incorporated into future requests, meaning mishandled files can corrupt AI outputs, and researchers warn that memory can be manipulated or poisoned across sessions. According to Cisco, long-term memories pose continued risk, and several vendors offer tools to scan memory files for malicious modifications and to purge memory when needed.