Glossary · Term

write primitive

← all terms

Definition

Plain language

Any way an attacker can get their content saved into a place an AI agent will later read from.

As stated in the literature

In stored-injection threat models, a channel that lets untrusted content persist into an agent's reloaded state (memory, profile, files, auto-loaded instruction files); the minimal capability needed to stage a cross-session attack.

Also called: write primitives

Why it matters: It is the minimal foothold an attacker needs to plant a lasting trap in an agent's memory, so identifying these channels is key to closing them off.

For example, the ability to add a comment to a shared document that an agent later auto-loads is a write primitive an attacker could abuse.

Heard on the show

“All they need is what the authors call a write primitive — some way to get content from the untrusted side into a channel that persists.”
Episode 113 — What If a Prompt Injection Never Left? Attacks That Wait in Agent Memory

Mentioned in 1 episode

  1. 113
    What If a Prompt Injection Never Left? Attacks That Wait in Agent Memory

Related terms