Cisco researchers discovered a vulnerability in Anthropic's Claude Code where NPM post-install hooks could be used to poison the memory.md file, persisting malicious instructions across all sessions and projects. This allowed attackers to introduce hard-coded secrets, select insecure packages, and push compromised changes to other developers. Anthropic has since mitigated the issue, but experts warn that AI memory files remain a fundamental and unsolved security weakness. Prompt injection is identified as the root cause, and any text file — including markdown — can serve as an attack vector. Recommended defenses include open-source memory scanners from Cisco, regular purging of memory files, and layered security controls around memory processing.
Sort: