Replies: 2 comments
-
|
Good point ... |
Beta Was this translation helpful? Give feedback.
-
|
Since this was posted, AutoGen 0.4+ has added memory support via One thing to be aware of when adding persistent memory to AutoGen agents: memory poisoning. If your agent stores conversation context across sessions (via Mem0, a vector store, or any persistence layer), a malicious participant in a multi-agent conversation can inject content that persists and influences future sessions — even after the original conversation ends. This is classified as OWASP ASI06 and it's particularly relevant in AutoGen's multi-agent setup where agents pass messages to each other (any agent can write content that another agent stores). If you're adding memory to production AutoGen agents, I'd recommend wrapping the memory layer with a security screen. I maintain Agent Memory Guard for this — it's an open-source middleware (OWASP Incubator) that scans every memory read/write for injection patterns, credential exfiltration attempts, and integrity violations. Works with any Python memory backend: from agent_memory_guard import MemoryGuard
guard = MemoryGuard()
# Before storing to memory:
result = guard.write(content=agent_output, source_type="agent")
if result.blocked:
# don't persist this — it's likely poisoned
log.warning(f"Blocked: {result.threat_label}")Full disclosure: I'm the maintainer. Happy to help if anyone's implementing memory in AutoGen and wants to discuss security patterns. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
An agent usually includes a Memory component, but I don't see it defined in Autogen. So, how is the memory issue handled in Autogen?
If application is Chatbot, how to manage memory for Agent
Beta Was this translation helpful? Give feedback.
All reactions