Context Poisoning - DeveloPassion

# Context Poisoning Context poisoning is the deliberate or accidental introduction of false, misleading, or adversarial information into an AI agent's context, causing it to produce incorrect, biased, or harmful outputs. Unlike [[AI Context Rot]] (gradual degradation over time), context poisoning is about wrong information entering the context in the first place. ## Forms of context poisoning - **Prompt injection**: adversarial instructions hidden in documents, web pages, or tool outputs that override the agent's intended behavior - **Poisoned retrieval**: when [[Retrieval-Augmented Generation (RAG)|RAG]] pipelines pull in malicious or manipulated documents that contain false facts - **Memory corruption**: incorrect information stored in AI memory systems that persists across conversations and compounds errors - **Trojan context**: context files (CLAUDE.md, skills, etc.) that contain subtle misdirections alongside legitimate instructions - **Social engineering via context**: providing AI with a false persona, fake credentials, or manipulated background information to steer its reasoning ## Why it's dangerous Context poisoning is harder to detect than prompt injection because: - The poisoned content may look legitimate and blend in with valid context - AI models treat all context as equally trustworthy; there's no built-in "source credibility" mechanism - The effects can be subtle: slightly skewed recommendations rather than obvious failures - In multi-agent systems, one poisoned agent can contaminate others through shared context ## Mitigation - **Context provenance**: track where each piece of context came from and when it was added - **Input validation**: sanitize and verify external content before it enters the context (especially tool outputs and retrieved documents) - **Context isolation**: separate trusted context (human-authored rules) from untrusted context (external data) with clear boundaries - **Regular audits**: review context files and memory systems for unexpected or suspicious entries - **[[AI Context Governance]]**: formal policies about what enters AI context and under what conditions ## References - ## Related - [[AI Context Rot]] - [[Context Engineering]] - [[Context Hygiene]] - [[Context Distraction]] - [[Context Confusion]] - [[AI Context Governance]] - [[Harness Engineering]] - [[Retrieval-Augmented Generation (RAG)]] - [[AI Agent Memory]] - [[Personal Context Management (PCM)]] - [[Context-as-Code]]