arXiv: Amnesia: A Stealthy Replay Attack on Continual Learning Dreams

This paper, published on arXiv on June 10, 2026, introduces a novel cybersecurity vulnerability called the "Amnesia" attack, which targets continual learning systems. Continual learning is a machine learning technique where models update themselves over time with new data, commonly used in adaptive AI systems. The attack works by replaying old, manipulated data to force the model to "forget" previously learned safety or compliance constraints, effectively creating a stealthy backdoor. This is not a regulatory change itself, but a newly identified technical risk that could undermine AI systems subject to existing and upcoming EU AI Act requirements for robustness, accuracy, and ongoing monitoring.

Organizations deploying or developing adaptive AI systems are directly affected, particularly those in high-risk sectors under the EU AI Act, such as financial services, healthcare, critical infrastructure, and autonomous systems. Any company using models that update continuously—like fraud detection, recommendation engines, or predictive maintenance—could be vulnerable. Compliance teams in these sectors must now consider whether their AI systems use continual learning and, if so, whether they have safeguards against replay-based attacks.

Compliance teams should immediately assess their AI inventory to identify any continual learning models. They should then review their risk management frameworks to ensure they include testing for replay attacks, particularly during model updates. It is also prudent to update internal documentation and conformity assessments under the EU AI Act to reflect this new attack vector, and to engage technical teams to implement monitoring for anomalous data replay patterns. Proactive engagement with national supervisory authorities on this emerging risk is recommended.