Memory
This technique has been demonstrated in research or controlled environments.
Adversaries may manipulate the memory of a large language model (LLM) in order to persist changes to the LLM to future chat sessions.
Memory is a common feature in LLMs that allows them to remember information across chat sessions by utilizing a user-specific database. Because the memory is controlled via normal conversations with the user (e.g. "remember my preference for ...") an adversary can inject memories via Direct or Indirect Prompt Injection. Memories may contain malicious instructions (e.g. instructions that leak private conversations) or may promote the adversary's hidden agenda (e.g. manipulating the user).