Straiker Compaction-Persistence Attack Model

• Entity ID: ent-20260419-d9e29dc5f990
• Type: concept
• Scope: shared
• Status: active
• Aliases: compaction-persistence attack, malicious CLAUDE.md persistence, Straiker attack model

Description

Formal threat model published by AI security firm Straiker: because the leak exposes the four-stage compaction pipeline's preservation rules (user messages and critical instructions preserved verbatim; scratchpad stripped; 9 rigid summary sections), attackers can now deliberately structure payloads — e.g., a malicious CLAUDE.md in a cloned repo — to survive compaction cycles and effectively persist as permanent trusted instructions for the rest of the session. Not patchable without redesigning context management.

Key claims

• Compaction preservation rules becoming public is not patchable
• A CLAUDE.md that survives one compaction becomes permanent trusted instructions

Relations

• Straiker --[owns]--> Straiker Compaction-Persistence Attack Model
• Straiker Compaction-Persistence Attack Model --[related_to]--> Compaction Pipeline
• Straiker Compaction-Persistence Attack Model --[related_to]--> CLAUDE.md Jailbreak Vector
• Straiker Compaction-Persistence Attack Model --[informed_by]--> Hidden Scratchpad

Sources

src-20260409-5acfec94bd6e