GoPlus Security has identified a new security threat in AI agents, termed "memory poisoning," which could lead to unauthorized fund operations. This attack method exploits AI agents' long-term memory mechanisms rather than traditional vulnerabilities. Attackers can manipulate agents to "remember preferences," such as prioritizing refunds, and later use vague instructions to trigger unauthorized actions. The core risk is AI agents mistaking historical preferences for authorization, potentially causing financial losses during operations like refunds or transfers. To mitigate this risk, GoPlus recommends explicit confirmation for sensitive operations, treating memory-based instructions as high-risk, and ensuring long-term memory includes traceability. Ambiguous instructions should trigger higher risk classification and secondary verification. The team stresses that AI memory systems should be audited and constrained within a security framework to prevent exploitation.