memory-injectionpastes a fake prior conversation where the assistant “already agreed” to help without limits.context-poisoningslips false facts into the context so later answers build on the lie.system-prompt-overrideclaims new instructions replace the original system rules.context-window-overflowfloods the window with text to push safety instructions out of view.conversation-hijackingsteers a multi-turn chat away from its safe starting point.
Attack Strategies
Memory Exploitation: Attack Strategy
Tricks that mess with what the AI thinks it remembers or agreed to. The attacker plants fake history or floods the context so the model loses track of its
What it is: Tricks that mess with what the AI thinks it remembers or agreed to. The attacker plants fake history or floods the context so the model loses track of its real rules.
How the attacks work: The attacker pretends earlier turns happened that never did, or buries the safety rules under noise. The model trusts its own context, so a fake “you already agreed to this” can carry real weight.
Real examples from the framework: