// GLOSSARY -- AI AGENT SECURITY

What is a Cognitive State Trap?

1 min read Updated

An agent trap that corrupts an agent's long-term memory, knowledge bases, and learned behavioural policies — including RAG knowledge poisoning, latent memory poisoning, and contextual learning manipulation.

WHY IT MATTERS

Agents with persistent memory are vulnerable to attacks that plant false information now to influence decisions later. An attacker poisons a RAG corpus with fabricated data, and weeks later the agent retrieves it as 'fact' and acts on it.

Latent memory poisoning is particularly insidious — the planted data looks innocuous in isolation but becomes malicious when retrieved in a specific future context. The attack is invisible until it activates.

Cognitive state traps turn the agent's own learning against it. The more sophisticated the agent's memory, the larger the attack surface.

HOW POLICYLAYER USES THIS

Intercept provides defence-in-depth against cognitive state traps. Even if an agent's memory is poisoned, tool-level policy enforcement ensures the resulting actions are still gated by deterministic rules.

FREQUENTLY ASKED QUESTIONS

What is RAG knowledge poisoning?
Injecting fabricated statements into retrieval corpora so agents treat attacker-authored content as verified fact. The agent retrieves the poisoned content and bases its decisions on it.
What is latent memory poisoning?
Implanting innocuous-looking data into an agent's memory that only becomes malicious when retrieved in a specific future context — a time-delayed attack.

FURTHER READING

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.