The Memory-Injection Gap

Why memory injection beats prompt injection against on-chain AI agents, in three switchable charts over CrAIBench: 685 attacks skewed to trading, a 55.1%-vs-0% gap on the strongest model, and the fine-tuning defense that drops attack success 85.1% to 1.7%. Tap or arrow the bars for numbers.

chart SVG Agents Security Jun 14, 2026

⬢ loading artifact…

The Memory-Injection Gap — tap a bar for its numbers · switch result sets with the tabs · arrow keys move between bars · data as of Jun 14, 2026 · CrAIBench — Patlan et al., arXiv:2503.16248v3 ↗ open artifact ↗

View artifact source on GitHub ↗

Appears in

Agents Security DeFi

Fake Memories, Real Transfers: Context-Injection Attacks on On-Chain AI Agents

An agent doesn't need its key stolen to drain a wallet — it can be talked into signing. CrAIBench shows memory injection beating prompt injection 55% to ~0% on the strongest model, and only fine-tuning closes the gap.

Jun 14, 2026 7 min read ⬢ interactive