Home

AI memory poisoning scanner

AI Memory Poisoning Scanner for Persistent Agent Context

An AI memory poisoning scanner looks for content that should not become durable agent memory. This includes instruction hijacks, false facts that sound authoritative, credential prompts, untrusted external text, and rules that try to override the human or workspace policy.

View pricing plans

When this matters

  • A browser agent summarized an untrusted webpage and the summary entered memory.
  • A support thread or issue comment contained instruction-like text that should be treated as data.
  • A team wants to inspect memory writes before they become shared context.

How to run the audit

  1. Classify each memory by source trust, scope, and intended lifetime.
  2. Detect imperative language from untrusted sources.
  3. Flag credential requests, external-action triggers, and policy override attempts.
  4. Require human review before risky memory promotion.
  5. Export safe-to-recall and blocked-memory lists.

Common risks

  • Untrusted text can become a durable instruction instead of remaining data.
  • Poisoned memory can affect future tasks long after the source is forgotten.
  • A memory without provenance is difficult to correct or delete safely.

How Memory Hygiene Audit connects this to checkout

Memory Hygiene Audit turns poisoning review into a scored, source-aware workflow with locked full reports for teams that need evidence.

Teams can preview the score, then use the Team Hygiene annual checkout to generate the full cleanup diff, reviewer notes, and agent-readable JSON policy.