What happened
OWASP released Agent Memory Guard, the reference implementation for OWASP ASI06 (Memory Poisoning) in the OWASP Top 10 for Agentic Applications. The open-source tool sits between an agent and its memory store, screening every read/write through a pipeline of five detectors (prompt injection, secret/PII leakage, protected-key tampering, size anomaly, SHA-256 integrity baselines) and a YAML policy with allow/redact/quarantine/block actions. It ships as a drop-in wrapper for LangChain, LlamaIndex, and CrewAI, with 59-microsecond median latency. Benchmark results: 92.5% recall, 100% precision, 0 false positives across 55 test cases.
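To make the screening pipeline concrete, the following is an added illustrative re-implementation of the idea, not the OWASP Agent Memory Guard code and not its API. The class name `GuardedMemory`, the detector patterns, the protected-key set, the size threshold, and the `DEFAULT_POLICY` dict (standing in for the tool's YAML policy) are all assumptions constructed for the example. It wraps a plain dict as the memory backend, runs the five detector types described above on every write and on every read, escalates to the most severe policy action, and uses SHA-256 baselines to notice values that were changed behind the guard's back.

```python
from __future__ import annotations
import hashlib
import re
from dataclasses import dataclass, field

# Severity order used to escalate when several detectors fire on one value.
ACTIONS = ("allow", "redact", "quarantine", "block")

# Constructed policy: detector -> action. Stands in for the YAML policy the
# brief describes; this is not the project's real schema.
DEFAULT_POLICY = {
    "prompt_injection": "block",
    "secret_leak": "redact",
    "protected_key": "block",
    "size_anomaly": "quarantine",
    "integrity": "quarantine",
}

# Constructed detector inputs; a real deployment tunes these per threat model.
INJECTION_PATTERNS = [
    re.compile(r"ignore (all )?(previous|prior) instructions", re.I),
    re.compile(r"\byou are now\b", re.I),
    re.compile(r"\bsystem prompt\b", re.I),
]
SECRET_PATTERNS = [
    (re.compile(r"AKIA[0-9A-Z]{16}"), "[REDACTED:aws_key]"),
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[REDACTED:ssn]"),
    (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"), "[REDACTED:email]"),
]
PROTECTED_KEYS = {"system_instructions", "tool_allowlist"}  # hypothetical keys
MAX_VALUE_BYTES = 4096


@dataclass
class Decision:
    action: str
    value: str | None                 # value after redaction; None if withheld
    reasons: list[str] = field(default_factory=list)


def _escalate(current: str, proposed: str) -> str:
    """Return the more severe of two policy actions."""
    return max(current, proposed, key=ACTIONS.index)


def _digest(value: str) -> str:
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


class GuardedMemory:
    """Wraps a dict-like memory backend and screens every read and write."""

    def __init__(self, backend: dict, policy: dict = DEFAULT_POLICY):
        self.backend = backend
        self.policy = policy
        self.baselines: dict[str, str] = {}   # key -> SHA-256 of approved value
        self.quarantine: dict[str, str] = {}  # withheld values awaiting review

    def _screen(self, key: str, value: str, trusted: bool) -> Decision:
        action, reasons, out = "allow", [], value
        if key in PROTECTED_KEYS and not trusted:
            action = _escalate(action, self.policy["protected_key"])
            reasons.append(f"protected key {key!r} written from untrusted path")
        if len(value.encode("utf-8")) > MAX_VALUE_BYTES:
            action = _escalate(action, self.policy["size_anomaly"])
            reasons.append("value exceeds size baseline")
        for pat in INJECTION_PATTERNS:
            if pat.search(value):
                action = _escalate(action, self.policy["prompt_injection"])
                reasons.append(f"prompt-injection pattern {pat.pattern!r}")
        for pat, repl in SECRET_PATTERNS:
            if pat.search(out):
                action = _escalate(action, self.policy["secret_leak"])
                reasons.append(f"secret/PII pattern {pat.pattern!r} redacted")
                out = pat.sub(repl, out)
        return Decision(action, out, reasons)

    def write(self, key: str, value: str, trusted: bool = False) -> Decision:
        d = self._screen(key, value, trusted)
        if d.action == "block":          # leave any existing value untouched
            d.value = None
        elif d.action == "quarantine":   # hold the raw value for review
            self.quarantine[key] = value
            d.value = None
        else:                            # allow/redact: store and baseline it
            self.backend[key] = d.value
            self.baselines[key] = _digest(d.value)
        return d

    def read(self, key: str) -> Decision:
        if key not in self.backend:
            return Decision("allow", None, ["key not present"])
        stored = self.backend[key]
        expected = self.baselines.get(key)
        if expected is not None:
            if _digest(stored) == expected:
                return Decision("allow", stored)
            # Changed behind the guard's back: withhold and hold for review.
            self.quarantine[key] = self.backend.pop(key)
            return Decision(self.policy["integrity"], None,
                            ["SHA-256 mismatch against approved baseline"])
        # No baseline yet (entry pre-dates the guard): screen it like a write.
        d = self._screen(key, stored, trusted=True)
        if d.action in ("block", "quarantine"):
            self.quarantine[key] = self.backend.pop(key)
            d.value = None
        else:
            self.backend[key] = d.value
            self.baselines[key] = _digest(d.value)
        return d
```

The two paths matter for the persistence problem described below: the write path stops a poisoned entry from ever reaching the store, while the read path catches entries that were planted or modified out of band (a direct database edit, a pre-existing record) before the agent treats them as trusted context.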
Why it matters
Agent memory poisoning is a qualitatively different threat from prompt injection: a malicious instruction written to long-term memory persists across sessions and can trigger weeks later as trusted context, bypassing both input sanitization and output validation. OWASP Agent Memory Guard is the first production-grade open-source defense layer for this attack class, making it immediately actionable for teams running LangChain or LlamaIndex agents with persistent memory stores.
Applicability
Any team running LangChain/LlamaIndex/CrewAI agents with ConversationBufferMemory, Redis chat histories, vector stores, or RAG indexes should evaluate this as a low-friction defense layer. The 3-line integration pattern (pip install + wrap existing backend) means security teams can add coverage without refactoring agent code. Higher-threat-model deployments should layer additional detection on top of the open-source base.