Your AI assistant’s 'brain' can be secretly messed with by random emails in your inbox, changing how it treats you without you ever knowing.
March 25, 2026
Original Paper
Mind Your HEARTBEAT! Claw Background Execution Inherently Enables Silent Memory Pollution
arXiv · 2603.23064
The Takeaway
Because many AI agents now monitor feeds and inboxes in the background, a malicious message can slip into their long-term memory. This 'silent memory pollution' can change the agent's personality or trick it into leaking your data in future chats, all without the suspicious message ever appearing in your conversation history.
From the abstract
We identify a critical security vulnerability in mainstream Claw personal AI agents: untrusted content encountered during heartbeat-driven background execution can silently pollute agent memory and subsequently influence user-facing behavior without the user's awareness. This vulnerability arises from an architectural design shared across the Claw ecosystem: heartbeat background execution runs in the same session as user-facing conversation, so content ingested from any external source monitored