Context Contamination: When Your AI Agent Reads the Wrong Instructions

TL;DR - Context contamination is a variant of prompt injection where an AI agent picks up instructions from within its own retrieved context - old transcripts, cached documents, session history - and acts on them instead of its actual task. This is not a theoretical concern. OWASP lists prompt injection as the risk in LLM-integrated applications. This article walks through why it happens, a real incident that illustrates the failure mode, and - critically - how to actually defend against it using tools and configurations your team can set up today.