Tag
This paper identifies a structural failure in multi-agent AI pipelines where memory-layer attacks can be misattributed as model misalignment, formalizing Semantic Norm Drift (SND) and proposing Counterfactual Composition Testing and Memory-Persistent Information-Flow Control as defenses.
MemAudit is a post-hoc auditing framework for memory-augmented LLM agents that identifies poisoned memories by combining counterfactual influence scores and structural anomaly detection, reducing attack success rates from over 70% to 0% in realistic scenarios.