Context Contamination: When Your AI Agent Reads the Wrong Instructions

TL;DR — Context contamination is a variant of prompt injection where an AI agent picks up instructions from within its own retrieved context — old transcripts, cached documents, session history — and acts on them instead of its actual task. This is not a theoretical concern. OWASP lists prompt injection as the #1 risk in LLM-integrated applications. This article walks through why it happens, a real incident that illustrates the failure mode, and — critically — how to actually defend against it u