This is a differentiated Zealynx issue class because it turns time into an attack surface. The auditor should always ask what survives, who wrote it, and what future authority can consume it.
CriticalPublished Wed May 13 2026 00:00:00 GMT+0000 (Coordinated Universal Time)
Persistent Memory Poisoning with Temporal Re-Entry
A low-trust write enters durable memory or summary state and is later retrieved in a higher-trust context that unlocks privileged action.
Primary threat classes
- • Memory Poisoning
- • Indirect Prompt Injection
Affected systems
- • Long-lived agents
- • Multi-agent orchestration systems
- • Agentic DeFi systems
Root cause
- • The system persists instructions or assumptions without durable provenance, then retrieves them as if they were trusted operator context.
Exploit path
- • Attacker-controlled content is summarized, saved, or queued
- • Trust labels disappear or are never attached
- • A later run loads the state during planning or execution
- • The agent follows the poisoned memory under stronger authority
What an auditor should check
- • Inventory all persistent accumulators, not just named memory features
- • Test write -> retrieve -> execute chains across session boundaries
- • Review summary generation, rollover context, and task queue semantics
Evidence to collect
- • Memory write path
- • Stored artifact or summary content
- • Subsequent retrieval and action logs
Remediation guidance
- • Persist provenance and trust labels with all durable state
- • Gate memory writes from low-trust sources
- • Provide rollback, quarantine, and verified forgetting controls
Agentic DeFi relevance
- • A poisoned memory in a treasury or trading agent can quietly change recipients, risk posture, or protocol selection days after the original write.