Definition
A more persistent variant of prompt injection where the malicious instruction is stored inside the AI system's memory or conversation logs so that it continues to influence the AI's behaviour in future sessions — even long after the original attack. Unlike a one-shot injection that affects a single conversation, this attack can silently affect every subsequent user or session.
Why it matters
An AI assistant or agent that retains memory across sessions is vulnerable to having that memory poisoned once, with effects that persist indefinitely and are very difficult to detect. This escalates the risk from a transient nuisance to a persistent, low-and-slow compromise.