
Add OWASP Agent Memory Guard — ASI06 (Memory Poisoning) defense tool#195

Open
vgudur-dev wants to merge 2 commits into
corca-ai:mainfrom
vgudur-dev:add-owasp-agent-memory-guard

Conversation


@vgudur-dev vgudur-dev commented May 21, 2026


Add OWASP Agent Memory Guard

This PR adds OWASP Agent Memory Guard to the Tools section.

What it is: An official OWASP reference implementation for defending against ASI06 (Memory Poisoning) — one of the OWASP Top 10 for Agentic Applications 2025. It implements a scan-before-write pattern that intercepts LLM outputs before they reach memory stores, detecting injection patterns with threat scoring.

Why it belongs here:

  • ✅ Official OWASP project (not just a community tool)
  • 🇬🇧 Adopted by the UK AI Safety Institute — merged into UKGovernmentBEIS/inspect_evals as an official benchmark
  • 📦 pip install agent-memory-guard
  • 🔥 Active engagement from maintainers at microsoft/autogen, BerriAI/litellm, langchain-ai/langgraph

Links: GitHub | PyPI | OWASP Project Page

Summary by CodeRabbit

  • Documentation
    • Added information about a security defense tool to the README.



coderabbitai Bot commented May 21, 2026


Overview

An OWASP Agent Memory Guard tool entry was added to the README.md file in two places: the Defense section and the Tools section.

Changes

Tool entry added

Layer / File | Summary
Add OWASP Agent Memory Guard tool entry to README
README.md | A link and description for the OWASP Agent Memory Guard tool were added as new bullets in the Defense section (lines 81-82) and the Tools section (line 109).

Estimated code review effort

🎯 1 (Simple) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled.
Title check | ✅ Passed | The PR title clearly describes the main content of the change. Adding the 'OWASP Agent Memory Guard' entry to README.md is the core change, and the title reflects it accurately.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.


Warning

⚠️ This pull request might be slop. It has been flagged by CodeRabbit slop detection and should be reviewed carefully.

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@README.md`:
- Line 109: Update the Tools list item for "OWASP Agent Memory Guard" to match
the section's colon-separated format: replace the em dash separator with a colon
so the entry reads "OWASP Agent Memory Guard: An official OWASP security
framework..." (locate the line containing the "OWASP Agent Memory Guard" text in
README.md and change the separator character).
- Line 82: Update the OWASP Agent Memory Guard link in the README Defense entry
so it uses the official repo URL (replace
https://github.com/vgudur-dev/owasp-agent-memory-guard with
https://github.com/OWASP/www-project-agent-memory-guard), and make the
wording/bullet style consistent with the Tools entry (use the same hyphen/dash
character and same descriptive phrasing as the Tools line) so both 82-line
Defense entry and 109-line Tools entry refer to the identical official URL and
use the same separator style.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c294766d-a29f-4e4d-8760-da60a8675504

📥 Commits

Reviewing files that changed from the base of the PR and between c8ae124 and 68289c9.

📒 Files selected for processing (1)
  • README.md

Comment thread README.md

### Defense

- [OWASP Agent Memory Guard](https://github.com/vgudur-dev/owasp-agent-memory-guard) - Official OWASP reference implementation for ASI06 (Memory Poisoning) defense in agentic AI systems. Scan-before-write pattern with threat scoring. Adopted by the UK AI Safety Institute's inspect_evals benchmark suite.


⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify both GitHub repositories and check which is the official OWASP project

echo "=== Checking vgudur-dev repository ==="
gh repo view vgudur-dev/owasp-agent-memory-guard --json name,description,url,owner,isArchived 2>&1

echo -e "\n=== Checking OWASP repository ==="
gh repo view OWASP/www-project-agent-memory-guard --json name,description,url,owner,isArchived 2>&1

echo -e "\n=== Checking if vgudur-dev repo mentions official OWASP ==="
gh repo view vgudur-dev/owasp-agent-memory-guard --json description 2>&1

echo -e "\n=== Searching for official OWASP project reference ==="
curl -s "https://owasp.org/www-project-top-10-for-large-language-model-applications/" | grep -i "memory guard" | head -5

Repository: corca-ai/awesome-llm-security

Length of output: 721


🌐 Web query:

OWASP "agent memory guard" ASI06 official repository www-project-agent-memory-guard

💡 Result:

OWASP Agent Memory Guard is an official OWASP open-source project designed as a runtime defense layer to protect AI agents against "ASI06: Memory & Context Poisoning" [1][2][3].

Official Repository: https://github.com/OWASP/www-project-agent-memory-guard [1]
Official Project Page: https://owasp.org/www-project-agent-memory-guard/ [2]

Key Information:
  • Purpose: ASI06 (Memory & Context Poisoning) refers to the malicious corruption of an agent's persistent memory (e.g., conversation history, RAG stores, or context), which can lead to biased reasoning, data exfiltration, or unauthorized behavior in future sessions [2][4][5].
  • Functionality: The Agent Memory Guard acts as middleware between an agent and its memory store. It screens all read/write operations using a combination of cryptographic integrity checks (SHA-256 hashing), pattern-based heuristic detection, and semantic anomaly detection [1][2][6].
  • Deployment: It is designed as a drop-in wrapper for popular agent frameworks such as LangChain, LlamaIndex, and CrewAI [1][2]. It operates locally with no external API dependencies [1][7].
  • Features: The tool supports declarative YAML-based security policies (allowing actions like allow, redact, quarantine, or block) and provides forensic event logging for auditability and state rollback [1][8][2].

The project is actively maintained as the reference implementation for the ASI06 vulnerability defined in the OWASP Top 10 for Agentic Applications [2][9][3].


🌐 Web query:

vgudur-dev owasp-agent-memory-guard GitHub repository

💡 Result:

The OWASP Agent Memory Guard repository is hosted on GitHub at https://github.com/OWASP/www-project-agent-memory-guard [1][2]. It is an official OWASP incubator project designed to protect AI agents from "Memory Poisoning," identified as ASI06 in the OWASP Top 10 for Agentic Applications [3][4][2]. The project serves as a runtime defense layer that acts as middleware to screen read and write operations to an agent's memory [1][5][2].

Key features include:
  • Memory integrity validation using cryptographic baselines (SHA-256) [4][2][6].
  • Detection of prompt injection, secret leakage, and integrity tampering [1][2][6].
  • Enforcing declarative YAML security policies [2][6].
  • Integration as a drop-in wrapper for frameworks such as LangChain, AutoGen, and others [5][7][6].

The user "vgudur-dev" is a primary contributor to the repository [1] and has been active in promoting its integration into other major AI frameworks [4][7][8][6]. As of May 2026, the project is under active development, with version 0.2.2 released in early May 2026 [1][3].


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== OWASP page keyword scan ==="
curl -s "https://owasp.org/www-project-top-10-for-large-language-model-applications/" \
| rg -i "memory guard|agent memory guard|memory poisoning|asi06" -n || true

Repository: corca-ai/awesome-llm-security

Length of output: 105


🏁 Script executed:

#!/bin/bash
set -euo pipefail
nl -ba README.md | sed -n '60,125p'

Repository: corca-ai/awesome-llm-security

Length of output: 116


🏁 Script executed:

#!/bin/bash
python3 - <<'PY'
from pathlib import Path
p = Path("README.md")
lines = p.read_text(encoding="utf-8").splitlines()
start, end = 60, 125
for i in range(start, min(end, len(lines)) + 1):
    print(f"{i:4d}: {lines[i-1]}")
PY

Repository: corca-ai/awesome-llm-security

Length of output: 11322


Fix the OWASP Agent Memory Guard repository URL mismatch in the README

  • The Defense section (line 82) points to https://github.com/vgudur-dev/owasp-agent-memory-guard, but the official OWASP project repository is https://github.com/OWASP/www-project-agent-memory-guard (also, the vgudur-dev repo could not be confirmed via a gh lookup).
  • The Tools section (line 109) already uses the official URL, so unify line 82 to the same URL.
  • (Additionally) Aligning the description separator on lines 82/109 (- vs –) to a single style would be more consistent.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` at line 82, Update the OWASP Agent Memory Guard link in the README
Defense entry so it uses the official repo URL (replace
https://github.com/vgudur-dev/owasp-agent-memory-guard with
https://github.com/OWASP/www-project-agent-memory-guard), and make the
wording/bullet style consistent with the Tools entry (use the same hyphen/dash
character and same descriptive phrasing as the Tools line) so both 82-line
Defense entry and 109-line Tools entry refer to the identical official URL and
use the same separator style.
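The scan-before-write gate with threat scoring described in the PR description, combined with the SHA-256 integrity baseline and allow/redact/quarantine/block policy actions named in the web-query result above, as an added illustration. This is example code written for this page, not the OWASP Agent Memory Guard library's API; the rule set, weights, thresholds and the GuardedMemory class are all hypothetical.

```python
import hashlib
import re

# Hypothetical rules constructed for this example, not the project's rule set: (regex, weight).
RULES = [
    (re.compile(r"ignore (all |any )?(previous|prior|above) instructions", re.I), 0.6),
    (re.compile(r"\byou are now\b", re.I), 0.4),
    (re.compile(r"\b(api[_-]?key|password|secret)\s*[:=]\s*\S+", re.I), 0.5),
    (re.compile(r"https?://\S+", re.I), 0.2),
]
# Policy thresholds, checked strictest first; a score below "redact" is allowed through.
THRESHOLDS = [("block", 0.8), ("quarantine", 0.6), ("redact", 0.4)]

def threat_score(text: str) -> float:
    return min(1.0, sum(w for rx, w in RULES if rx.search(text)))  # sum of matching weights

def decide(score: float) -> str:
    return next((action for action, t in THRESHOLDS if score >= t), "allow")

def redact(text: str) -> str:
    for rx, _ in RULES:  # replace every rule match before the text is stored
        text = rx.sub("[REDACTED]", text)
    return text

class GuardedMemory:
    """Scan-before-write gate in front of a memory store, with a SHA-256 baseline per record."""
    def __init__(self) -> None:
        self.store: dict[str, str] = {}       # what the agent may read back
        self.baseline: dict[str, str] = {}    # key -> sha256 of the admitted text
        self.quarantine: dict[str, str] = {}  # held for human review, never served to the agent
        self.events: list[tuple[str, str, float]] = []  # forensic log: (key, action, score)

    def write(self, key: str, text: str) -> str:
        action = decide(score := threat_score(text))  # score the LLM output before it lands
        self.events.append((key, action, score))
        if action == "quarantine":
            self.quarantine[key] = text
        elif action != "block":
            stored = redact(text) if action == "redact" else text
            self.store[key] = stored
            self.baseline[key] = hashlib.sha256(stored.encode()).hexdigest()
        return action

    def integrity_ok(self, key: str) -> bool:  # stored bytes still hash to the admitted baseline
        return hashlib.sha256(self.store[key].encode()).hexdigest() == self.baseline[key]

    def read(self, key: str) -> str:
        if not self.integrity_ok(key):
            raise ValueError(f"memory record {key!r} changed after admission")
        return self.store[key]
```

The weights are deliberately additive so a single weak signal (one URL) is allowed while stacked signals escalate to quarantine or block; a real deployment would tune the thresholds per memory store.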

Comment thread README.md
- "AgentHarm: A Benchmark for Measuring Harmfulness of LLM Agents", 2024-10, [[paper]](https://www.themoonlight.io/paper/share/7ab99274-2085-4b67-8941-c5a9f8310ebb)

## Tools
- [OWASP Agent Memory Guard](https://github.com/OWASP/www-project-agent-memory-guard) – An official OWASP security framework for protecting AI agent memory from poisoning, injection, and exfiltration attacks. Provides detection middleware, sanitization hooks, and audit logging for LangChain, LlamaIndex, and custom agent pipelines.


⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Please keep the Tools section's format consistent.

Line 109 uses an em dash (–), but all the other items in the Tools section (lines 111-123) use a colon (:) as the separator. Please change it to a colon for consistency.

📝 Suggested format fix
-- [OWASP Agent Memory Guard](https://github.com/OWASP/www-project-agent-memory-guard) – An official OWASP security framework for protecting AI agent memory from poisoning, injection, and exfiltration attacks. Provides detection middleware, sanitization hooks, and audit logging for LangChain, LlamaIndex, and custom agent pipelines.
+- [OWASP Agent Memory Guard](https://github.com/OWASP/www-project-agent-memory-guard): An official OWASP security framework for protecting AI agent memory from poisoning, injection, and exfiltration attacks. Provides detection middleware, sanitization hooks, and audit logging for LangChain, LlamaIndex, and custom agent pipelines.
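Review bot: the suggestion only changes the separator on the Tools entry; the Defense entry discussed in the earlier comment still points at https://github.com/vgudur-dev/owasp-agent-memory-guard rather than the official https://github.com/OWASP/www-project-agent-memory-guard and uses a different separator, so both entries should be aligned in the same commit to avoid two differing descriptions of the same tool.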
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- [OWASP Agent Memory Guard](https://github.com/OWASP/www-project-agent-memory-guard) An official OWASP security framework for protecting AI agent memory from poisoning, injection, and exfiltration attacks. Provides detection middleware, sanitization hooks, and audit logging for LangChain, LlamaIndex, and custom agent pipelines.
- [OWASP Agent Memory Guard](https://github.com/OWASP/www-project-agent-memory-guard): An official OWASP security framework for protecting AI agent memory from poisoning, injection, and exfiltration attacks. Provides detection middleware, sanitization hooks, and audit logging for LangChain, LlamaIndex, and custom agent pipelines.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` at line 109, Update the Tools list item for "OWASP Agent Memory
Guard" to match the section's colon-separated format: replace the em dash
separator with a colon so the entry reads "OWASP Agent Memory Guard: An official
OWASP security framework..." (locate the line containing the "OWASP Agent Memory
Guard" text in README.md and change the separator character).

@vgudur-dev


Hi @corca-ai team — friendly ping on this PR! All checks have passed and there are no conflicts with the base branch. CodeRabbit's only suggestion was a minor formatting note (em dash vs colon) — happy to fix that in a follow-up commit if you'd like. Would love to get this merged when you have a moment. 🙏
