State Contamination in Memory-Augmented LLM Agents

ArXi:2605.16746v1 Announce Type: cross LLM agents increasingly rely on persistent state, including transcripts, summaries, retrieved context, and memory buffers, to long-horizon interaction. This makes safety depend not only on individual model outputs, but also on what an agent s and later reuses. We study a failure mode we call memory laundering: toxic or adversarial context can be compressed into memory summaries that no longer appear toxic under standard detectors, while still preserving hostile framing or conflict structure that influences future generations.