English

ADAM: A Systematic Data Extraction Attack on Agent Memory via Adaptive Querying

Cryptography and Security 2026-04-14 v1 Artificial Intelligence

Abstract

Large Language Model (LLM) agents have achieved rapid adoption and demonstrated remarkable capabilities across a wide range of applications. To improve reasoning and task execution, modern LLM agents would incorporate memory modules or retrieval-augmented generation (RAG) mechanisms, enabling them to further leverage prior interactions or external knowledge. However, such a design also introduces a group of critical privacy vulnerabilities: sensitive information stored in memory can be leaked through query-based attacks. Although feasible, existing attacks often achieve only limited performance, with low attack success rates (ASR). In this paper, we propose ADAM, a novel privacy attack that features data distribution estimation of a victim agent's memory and employs an entropy-guided query strategy for maximizing privacy leakage. Extensive experiments demonstrate that our attack substantially outperforms state-of-the-art ones, achieving up to 100% ASRs. These results thus underscore the urgent need for robust privacy-preserving methods for current LLM agents.

Keywords

Cite

@article{arxiv.2604.09747,
  title  = {ADAM: A Systematic Data Extraction Attack on Agent Memory via Adaptive Querying},
  author = {Xingyu Lyu and Jianfeng He and Ning Wang and Yidan Hu and Tao Li and Danjue Chen and Shixiong Li and Yimin Chen},
  journal= {arXiv preprint arXiv:2604.09747},
  year   = {2026}
}
R2 v1 2026-07-01T12:03:35.426Z