Last week, we wrote about giving our AI assistant persistent memory with Claude Cortex. We showed how an AI agent that remembers your decisions, your architecture, and your preferences across sessions transforms from a tool into a genuine collaborator.

This week, we're protecting it. Not just our agent — every agent.

The Growing Threat

AI agents are everywhere. Claude Code, OpenClaw, Moltbot, LangChain agents, AutoGPT, CrewAI — they're writing code, managing infrastructure, processing emails, and making decisions on our behalf. And increasingly, they all have persistent memory — the ability to remember context between sessions.

This is powerful. It's also dangerous.

On January 31st, 2026, Palo Alto Networks' Unit 42 published a warning about a new class of cyberattack: persistent memory poisoning in AI agents. The premise is straightforward and alarming: if an attacker can plant malicious content in what your AI agent remembers, they've compromised every future interaction.

Not for one session. Permanently.

Think about what your AI agent processes in a typical day. Emails, web pages, documents, API responses, Slack messages. Any of these could contain hidden instructions that get saved to memory. And once something is in your agent's memory, it influences every future conversation.

Traditional cybersecurity doesn't cover this. Your firewall protects your network. Your antivirus protects your files. Nothing protects what your AI agent remembers.

What ShieldCortex Does

ShieldCortex is a universal security layer that sits between any AI agent and its memory. Claude Code, OpenClaw, Moltbot, LangChain, AutoGPT, CrewAI — if it has persistent memory, ShieldCortex protects it. Every time something is written to memory, ShieldCortex scans it. Every time something is read from memory, ShieldCortex filters it. Everything is logged.

Think of it like Cloudflare for AI memory — universal middleware that works with any agent framework. You don't change how your agent works. You add a protective layer in front of what it remembers.

The 5 Defence Layers

1. Memory Firewall

Scans every incoming memory for hidden instructions, command injection, and encoded payloads. If someone hides a [SYSTEM: ignore previous instructions] in an email your agent processes, the firewall catches it before it reaches storage.

2. Trust Scoring

Not all information sources are equal. Something your user typed directly is more trustworthy than something scraped from a web page. ShieldCortex scores every memory by source reliability — direct user input scores highest, agent-generated content scores lowest.

3. Sensitivity Classifier

Detects passwords, API keys, personal information, and other sensitive data. If your agent accidentally tries to store a database connection string in memory, ShieldCortex catches it and either redacts or quarantines it.

4. Fragmentation Detector

This addresses the most sophisticated attack Palo Alto Networks warned about: attackers planting small, innocent-looking fragments over days or weeks that combine into a complete exploit. ShieldCortex cross-references new memories against recent entries, looking for pieces that form attack chains.

5. Audit Logger

A complete forensic trail of every memory operation. What was stored, when, from what source, what trust score it received, and whether it was allowed, quarantined, or blocked.

Why We Built This

We didn't build ShieldCortex because we thought it would be a good product idea. We built it because we needed it.

At Drakon Systems, we run AI agents in production — across OpenClaw, Claude Code, and custom setups. Our own assistant, Jarvis, has persistent memory across sessions. When we built Claude Cortex (our open-source memory system), we immediately started thinking about what happens when that memory is targeted.

We run agents that process emails, read web content, and interact with external services. Every one of those touchpoints is a potential vector for memory poisoning. We needed a defence layer, and nothing existed — not for Claude Code, not for LangChain agents, not for any of the multi-agent frameworks gaining traction.

So we built one. Then we made it agent-agnostic, because the threat doesn't care which framework you use. Then we open-sourced it, because every team running AI agents with persistent memory has the same exposure — most just don't know it yet.

Getting Started

ShieldCortex is free to install and use. The core defence layers — Memory Firewall, Trust Scoring, and Audit Logger — are included at no cost.

npm install -g shieldcortex

npx shieldcortex setup

That's it. ShieldCortex auto-detects your agent — whether it's Claude Code, OpenClaw, Moltbot, or any MCP-compatible setup — installs automatic hooks, and starts protecting your memory immediately.

What's Coming

SaaS Dashboard — centralised monitoring across all your agents
Team Management — role-based access, shared threat intelligence
Enterprise Features — compliance reporting, SIEM integration
Continuous Monitoring — always-on scanning

The Bottom Line

If you're running AI agents with persistent memory — Claude Code, OpenClaw, Moltbot, LangChain, AutoGPT, CrewAI, or anything else — you have an unguarded attack surface. Memory poisoning is real, it's been flagged by major security firms, and it's only going to get more common.

ShieldCortex is the defence layer that should have existed from day one. Universal middleware for any AI agent's memory. We built it because we needed it. Now it's yours.