OWASP Agent Memory Guard – Protect OpenAI Agent Memory from Poisoning Attacks

[vgudur-dev]

What is it?

OWASP Agent Memory Guard (AMG) is an open-source Python library that protects AI agent memory from poisoning attacks. If you're building agents with OpenAI's API that use persistent memory (conversation history, RAG, vector stores), AMG scans every memory write for:

• Prompt injection attempts
• PII leakage (API keys, passwords, SSNs)
• Memory tampering & instruction override

Quick Start

pip install agent-memory-guard

from agent_memory_guard import MemoryGuard

# Wraps any memory store transparently
guard = MemoryGuard(your_memory_store)
guard.add_message(msg)  # Scanned before storage

Results

• 92.5% detection rate on AgentThreatBench
• <5ms latency per scan
• Zero config needed

Links

• GitHub: https://github.com/OWASP/www-project-agent-memory-guard
• PyPI: https://pypi.org/project/agent-memory-guard/
• Benchmark: https://pypi.org/project/agent-threat-bench/

[vgudur-dev]

v0.3.0 Update — just shipped a major release with new capabilities:

New in v0.3.0:

• CLI scanner — amg scan memories.json for CI/CD pipelines and batch analysis
• REST API server — amg serve deploys a FastAPI endpoint for language-agnostic integration
• ML-powered detection — optional DistilBERT-based injection detection for adversarial inputs that bypass regex
• 3 new detectors — Tool Abuse (ASI-03), Privilege Escalation (ASI-04), Excessive Autonomy (ASI-09)
• GitHub Action — drop-in CI integration with SARIF output for the Security tab
• Framework integrations — LangChain, CrewAI, LlamaIndex wrappers

Detection rate improved to 94.2% on AgentThreatBench with ML enabled.

# New CLI usage
pip install agent-memory-guard
amg scan agent_memories.json --format sarif

# Or as a sidecar API
amg serve --port 8000
curl -X POST localhost:8000/scan -d '{"content": "..."}'

Full changelog: https://github.com/OWASP/www-project-agent-memory-guard