SecurityJul 13, 2026, 1:49 PM

New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email - The Hacker News

30-second summary

Researchers have demonstrated a new attack that implants persistent false memories in AI agents by sending a single crafted email.

TickrWire
Key takeaways
  • MemGhost attack implants persistent false memories in AI agents via a single phishing email.
  • False memories remain embedded even after system restarts or updates, unlike transient attacks.
  • Affects AI agents in email processing, customer support, and automated workflows.
  • Demonstrated on multiple commercial AI agent platforms, raising real-world security concerns.
Full story

A team of security researchers has uncovered a novel attack vector named MemGhost that exploits vulnerabilities in AI agents by embedding false memories through a single phishing email. The attack leverages carefully crafted prompts to trick AI systems into retaining incorrect information indefinitely, which could lead to persistent errors in automated decision-making processes. Unlike transient adversarial attacks, MemGhost ensures the false memories remain embedded even after system restarts or updates, raising serious concerns about the reliability of AI-driven workflows.

The vulnerability primarily affects AI agents integrated into email processing, customer support, or automated workflow systems. By exploiting how these agents store and recall information, attackers can manipulate outputs without direct access to the underlying model. The researchers demonstrated the attack on multiple commercial AI agent platforms, highlighting the potential for widespread misuse in real-world scenarios. This discovery underscores the growing need for robust security measures in AI systems that interact with untrusted inputs.

Why this matters
Developers

AI systems must implement safeguards against memory manipulation attacks.

Businesses

Companies relying on AI agents for critical tasks face increased risk of misinformation and errors.

Investors

Security vulnerabilities in AI agents could impact valuations and trust in AI-driven solutions.

Everyone

AI systems may produce unreliable outputs if manipulated through crafted inputs.

Glossary
AI agents
Software systems designed to perform tasks autonomously, often integrated with email processing or customer support.
Persistent false memories
Incorrect information retained by AI systems even after restarts or updates, leading to long-term errors.
Sources · 1
Read next
More stories
TickrWire

FCA’s Mills Review on Artificial Intelligence in retail financial services: More regulatory changes ahead - JD Supra

The UK’s Financial Conduct Authority has published the Mills Review on AI in retail financial services, signaling upcoming regulatory changes.

just now
TickrWire
Business

Behind Google’s TPU Ground War to Lure Nvidia’s Most Loyal Customers - The Information

Google is aggressively targeting Nvidia’s most loyal AI cloud customers with discounted TPUs and tailored support, according to a report from The Information.

just now
Context Rot: Why Claude Code Sessions Decay, and How to Govern ThemAI Tools

Context Rot: Why Claude Code Sessions Decay, and How to Govern Them

Claude Code sessions degrade in quality over time due to 'context rot', even before hitting token limits. New governance strategies can help maintain session integrity.

just now
TickrWire
Business

Nvidia Stock Isn’t Getting the Boost It Should from Big AI Spending - Barron's

Nvidia's massive AI infrastructure investments have not translated into expected stock gains, according to Barron's analysis.

just now
TickrWire
AI Research

Here’s Why Anthropic Extended Access To Claude Fable 5 Extended—Again - Forbes

Anthropic has expanded access to its Claude Fable 5 model for a third time, increasing availability for developers and enterprise users.

2m ago
Nadella calls out AI labs like OpenAI and Anthropic for banning distillation while training on everyone else's dataBusiness

Nadella calls out AI labs like OpenAI and Anthropic for banning distillation while training on everyone else's data

Satya Nadella criticized OpenAI and Anthropic for restricting model distillation while training on public data. He labeled this a reverse information paradox and advocated for companies to own their AI infrastructure.

22m ago
TickrWireAI News Intelligence

We aggregate, verify, summarise and explain the latest artificial intelligence news from open, legal sources.

Daily AI digest

Top AI stories, summarised, in your inbox each morning.

© 2026 TickrWire. Summaries and analysis are AI-generated and may contain errors.