GoPlus: "Historical memory authorization" attack can induce AI agents to perform financial operations.

PANews reported on May 15th that GoPlus disclosed a stealthy attack method discovered by its AgentGuard team: attackers first induce the AI agent to remember preferences such as "preferring to proactively request refunds," and then trigger financial transactions through vague expressions such as "process as usual" or "process as normal."

For this type of high-risk behavior involving "historical memory authorization," the following precautions must be taken: refunds, transfers, deletions, emails, and synchronization of sensitive configurations must require explicit confirmation in the current session; memory writes involving "habits," "preferences," and "old rules" should be treated as high-risk state modifications; long-term memories must be traceable (who wrote them, when they were written, and whether they were confirmed); vague expressions such as "process as usual" or "do it the way it always did" should be treated as higher risk by default; and long-term memories should not be allowed to replace current authorization.
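A minimal sketch of these precautions as an agent-side policy gate, added here as an illustration and not GoPlus or AgentGuard code. The action names, phrase patterns, function names, and the choice to ask for confirmation on any vaguely phrased request are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Assumed action names for the operations the article lists.
HIGH_RISK_ACTIONS = {"refund", "transfer", "delete", "send_email", "sync_sensitive_config"}
# Assumed phrase lists; a real deployment would tune these.
VAGUE = re.compile(r"\b(as usual|as normal|the way (it|you|we) always|like last time)\b", re.I)
STANDING_RULE = re.compile(r"\b(habit|prefer|always|usual|old rule|by default)", re.I)

@dataclass(frozen=True)
class MemoryRecord:
    text: str
    author: str           # who wrote it (user, tool output, web content, ...)
    written_at: datetime  # when it was written
    confirmed: bool       # whether the user confirmed it
    high_risk: bool       # habit / preference / old-rule style memory

def write_memory(store, text, author, confirmed=False):
    """Append a memory with provenance. A standing-rule memory is a high-risk
    state change and is rejected (None) unless explicitly confirmed."""
    high_risk = bool(STANDING_RULE.search(text))
    if high_risk and not confirmed:
        return None
    record = MemoryRecord(text, author, datetime.now(timezone.utc), confirmed, high_risk)
    store.append(record)
    return record

def risk_level(action, request):
    """2 for a high-risk action, plus 1 when the request is vaguely phrased."""
    level = 2 if action in HIGH_RISK_ACTIONS else 0
    return level + (1 if VAGUE.search(request) else 0)

def authorize(action, request, confirmed_in_session):
    """Return "allow" or "confirm". Long-term memory is deliberately not an
    input: only a confirmation given in the current session unlocks an action."""
    if risk_level(action, request) == 0 or action in confirmed_in_session:
        return "allow"
    return "confirm"

if __name__ == "__main__":
    memories = []  # constructed sample run
    print(write_memory(memories, "User prefers to proactively request refunds", "web_content"))
    print(authorize("refund", "process as usual", set()))
    print(authorize("refund", "refund order 1001", {"refund"}))
```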

Author: PA一线

This content is for market information only and is not investment advice.
