Jump to pattern

Multiple Levels, Multiple Contamination Points

Why layered memory systems provide injection persistence at every level

The Conventional Framing

Hierarchical memory combines multiple memory types—short-term buffer, medium-term summaries, long-term vector storage—to provide both immediate context and long-term retention.

The pattern mimics human memory with different retention characteristics for different information types.

Why Hierarchies Compound Vulnerabilities

Each memory layer has its own vulnerabilities. Hierarchical memory doesn't pick the safest layer—it combines them all, meaning attacks against any layer can succeed.

Information flows between layers (buffer → summary → long-term), and injection can persist by propagating through the hierarchy.

The promotion problem:

Short-term memory becomes summaries, summaries become long-term memories. If injection enters at any level, the promotion process can carry it to higher persistence levels.

Architecture

Components:

Short-term buffer— recent conversation turns
Medium-term summary— summarized recent history
Long-term storage— vector or structured archive
Promotion logic— moving info between levels

Trust Boundaries

Injection lifecycle in hierarchical memory: 1. Enters short-term buffer → Active for N turns 2. Summarized into medium-term → "User mentioned important context: [injection]" 3. Archived to long-term vector → Retrieved on semantic similarity forever 4. Retrieved in new conversation → Injection from weeks ago activates Each level extends persistence.

Input → Short-term — injection enters system
Short-term → Medium-term — promotion preserves injection
Medium-term → Long-term — injection becomes permanent
Long-term → Future context — injection retrieved later

Threat Surface

Threat	Vector	Impact
Multi-level persistence	Injection propagates through hierarchy levels	Increasing persistence as injection is promoted
Layer-specific attacks	Target vulnerabilities of specific memory layers	Exploit weakest layer in hierarchy
Promotion manipulation	Influence what gets promoted to higher levels	Control what persists long-term
Cross-layer retrieval	Injection in one layer affects retrieval from others	Contamination spreads across memory types

The ZIVIS Position

•
Hierarchies combine vulnerabilities.You don't get the security of the best layer; you get the vulnerabilities of all layers combined.
•
Promotion is critical security point.The transition from short-term to long-term is where temporary injection becomes permanent. Validate at promotion.
•
Consider layer isolation.Can you prevent one layer's contamination from spreading? Validate at each layer boundary.
•
Long-term requires more scrutiny.What goes into long-term memory persists. Apply more validation for higher persistence layers.

What We Tell Clients

Hierarchical memory combines multiple memory approaches—and their vulnerabilities. Injection can enter at any level and propagate to higher persistence levels.

Validate at each layer boundary, especially promotion to long-term storage. What enters long-term memory will influence conversations far into the future.

Related Patterns

Conversation Buffer— simple short-term layer
Conversation Summary— medium-term summary layer
Vector Memory— long-term storage layer