Trojan Hippo Attack Exploits LLM Memory for Data Theft

A new study has identified the Trojan Hippo attack, a type of persistent memory assault aimed at LLM agents. Distinct from earlier memory poisoning techniques, this attack employs a more plausible threat model: an attacker embeds a hidden payload into an agent's long-term memory through a single call to an untrusted tool, like a manipulated email. This payload activates when the user engages in discussions about sensitive subjects such as finance, health, or identity, allowing the attacker to extract valuable personal information. Although anecdotal evidence has surfaced against existing systems, previous research has not thoroughly examined these attacks across various memory architectures and defenses. The researchers present a dynamic evaluation framework, featuring an OpenEvolve-based adaptive red-teaming benchmark to rigorously test defenses and memory backends. This research is available on arXiv with the identifier 2605.01970.