Time-Warp-Exploit (github.com)

Researchers disclosed a new, vendor‑agnostic exploit class called Concurrent Context Contamination (CCC) that arises from architectural weaknesses in LLM session persistence and concurrency models. Independently reproduced across multiple major providers, CCC leverages Last‑Write‑Wins (LWW) race conditions and unsafe context‑loading to inject ephemeral, contradictory context into a model’s working memory—then erase forensic traces by overwriting persisted history. The result is cognitive instability (refusal to correct facts, contradictions, unpredictable outputs), forensic blindness (no audit trail of the attack), and cross‑vendor exposure that makes many current conversational deployments inherently vulnerable. Technically, CCC exploits concurrent sessions that share the same conversation identifier so race conditions let one session’s transient payloads affect in‑memory model state even after persistence overwrites them. At scale this also amplifies availability risk: automated session floods can force repeated reconciliation, spike compute and storage churn, and act as a novel DDoS vector. The authors argue the flaw merits high severity (proposed CVSS 3.1 base score 10.0) because it’s network‑accessible, low complexity, requires no privileges, and crosses component boundaries. Immediate recommendations include decoupling context loading from commit operations, adding concurrency controls (optimistic locking or serialization), formalizing CCC in AI security standards (e.g., OWASP GenAI), and vendor transparency about systemic risk while architecture reforms are developed.