AI Memory and Personalization
AI memory and personalization are the systems that let assistants retain, infer, retrieve, or apply information about a user, project, team, or organization across interactions. They make AI more useful by preserving context, and more governable only when the user can see, scope, correct, delete, export, and audit what the system remembers.
Definition
AI memory and personalization are the design patterns that allow an AI system to carry information from one interaction into another and use that information to shape responses, recommendations, refusals, tool calls, or user experience. The remembered material may be explicitly saved by the user, inferred from past conversations, retrieved from chat history, stored in a project file, drawn from connected apps, or represented as a user profile.
Memory is not the same as the model's training data. Training data shapes the general model before use. Personal memory shapes a specific assistant's behavior around a specific user, account, project, team, or organization.
Memory is also not always a single database table. It can appear as saved facts, generated summaries, embeddings, retrieval indexes, profile fields, project notes, preference files, connected-app context, device context, enterprise records, or agent state. A serious analysis should identify the artifact, not just say the assistant "has memory."
Snapshot
- Core artifact: mutable user, project, team, or organization state used after the conversation in which it was created.
- Not the same as: model training data, ordinary chat history, a long context window, custom instructions, or a human-like mind.
- Main benefit: continuity: less repetition, better project context, better accessibility, and more useful assistant behavior across time.
- Main risk: invisible profiling: users may not know what was inferred, retained, retrieved, or applied.
- Highest-risk uses: companions, minors, health-like support, employment, education, politics, shopping, finance, legal work, and agents with external tools.
- Governance unit: memory source, scope, retention period, edit/delete/export control, training-use rule, sharing boundary, and whether memory can affect tool actions.
Current Context
By June 19, 2026, AI memory had moved from a niche convenience feature to a core product strategy for major assistants. The main shift is from explicit saved facts toward background synthesis, chat-history recall, project-scoped memory, connected-app context, and memory portability between assistants.
OpenAI's public materials describe ChatGPT memory as evolving from saved memories in 2024 to broader chat-history reference in 2025 and a newer background memory architecture in 2026. Its Memory FAQ distinguishes reference to saved memories from reference to chat history, says saved memories are stored separately from chat history, and describes user controls for review, deletion, and Temporary Chat.
Anthropic introduced Claude memory for Team and Enterprise users in September 2025, later expanding to Pro and Max users. Anthropic's announcement emphasizes project-scoped memory, user control to view and edit what Claude remembers, incognito chats, and safety testing around sensitive wellbeing topics, over-accommodation, and safeguard bypass attempts. Claude's help materials also describe chat search over prior conversations as retrieval-augmented generation and memory import/export flows.
Google's Gemini materials describe personalization through saved info, past chats, connected apps, and temporary chats. The Gemini Apps Privacy Hub states that Gemini Apps can use saved info and instructions, can personalize with past chats when memory is on, and may use sensitive information provided in chats to personalize the experience. Google also documents connected-app and device-context data surfaces, which makes personalization a cross-product governance problem rather than only a chat setting.
Regulators are now looking at memory-adjacent risks through companion and child-safety inquiries. The FTC's September 2025 6(b) inquiry into AI chatbots acting as companions asked companies about negative effects on children and teens, character development, monetization, age rules, disclosures, safety testing, and use or sharing of personal information from companion conversations. Memory is not the only issue in that inquiry, but persistent personalization is one mechanism by which chatbots become relationship-like and influential.
Forms of Memory
Session context. Information inside the current conversation or task window.
Saved memory. Explicit facts or preferences stored for future use, such as writing style, name, goals, dietary restrictions, project details, or recurring tasks.
Generated memory. A system synthesizes a memory summary or profile from prior chats, user behavior, connected apps, or project history.
Chat-history recall. The assistant can search, summarize, or infer from previous conversations even when the user did not create a discrete saved memory.
Project or workspace memory. A tool remembers conventions, architecture, teammates, files, and preferences within a project or organization.
Agent memory. An agent stores plans, observations, tool results, user corrections, and task state so it can continue multi-step work.
Cross-product personalization. An assistant uses information from email, calendar, documents, search, social media, device context, or app activity to tailor responses.
Safety context. A system may retain limited context for abuse detection, crisis response, policy enforcement, fraud prevention, or post-incident review even when ordinary personalization is off. This should be documented separately from user-facing memory.
Memory Lifecycle
Capture. Memory may be created by user command, automatic inference, chat-history search, connected-app access, file upload, project setup, admin policy, or agent observation. Capture should be explicit about source and scope.
Selection. The system decides what is important enough to retain, what should stay temporary, what should be excluded as sensitive, and what should be summarized rather than stored raw.
Application. Memory may shape tone, examples, recommendations, safety responses, search results, purchases, work output, or agent actions. Users should be able to tell when memory materially affected an answer or action.
Correction. Users and administrators need a way to inspect, edit, suppress, or annotate memories. Correction matters because AI memory can be stale, wrong, overbroad, or inferred from a context where the user was experimenting rather than stating a durable preference.
Deletion and export. Deleting a visible memory may not delete the original chat, logs, backups, audit records, or derived summaries. Export is also important because memory can become a personal knowledge asset that users may want to move between tools.
Major Product Patterns
ChatGPT. OpenAI describes memory as including saved memories and reference to chat history. Its help materials say users can review and delete saved memories, ask what ChatGPT remembers, turn memory controls off, and use Temporary Chat. OpenAI also introduced memory sources in 2026, giving users visibility into some context used to personalize responses while noting that the source view may not show every factor that shaped an answer.
Claude. Anthropic describes Claude memory as project-scoped and work-oriented, with controls to view and edit what Claude remembers, incognito chats, organization-level controls for Team and Enterprise, chat search over prior conversations, and import/export workflows for memory.
Gemini. Google describes Gemini personalization as using saved info, past chats, connected apps, device context, and other data surfaces when relevant. Google's privacy materials say users can manage saved info and instructions, control whether past chats personalize the experience, use Temporary Chats, and manage Gemini Apps Activity.
Agent platforms. In agentic systems, memory becomes operational. A remembered preference can affect a tool call, file edit, purchase, message, calendar action, or recommendation. The risk is no longer only that the assistant speaks differently; it may act differently.
Why It Matters
Memory makes AI more useful. It reduces repetition, supports long projects, preserves preferences, enables continuity, and lets an assistant adapt to the user's real context.
Memory also makes AI more intimate. A system that remembers family details, emotional history, medical worries, work politics, spiritual questions, purchases, fears, and style preferences can feel less like a tool and more like a relationship.
For institutions, memory is a governance object. It determines what the AI knows, what it forgets, who can inspect it, whether it can be exported, how it survives account changes, whether it crosses work and personal boundaries, and whether it can be used for advertising, training, ranking, or behavioral prediction.
Risk Pattern
Invisible profiling. Users may not know what the system has inferred, summarized, retained, or applied.
Context collapse. Memories from one role or setting can contaminate another: work and family, therapy-like support and shopping, political discussion and professional writing, child and parent use, or one project and another.
Personalized persuasion. Memory can make influence more effective by adapting appeals to a user's identity, habits, vulnerabilities, language, and prior beliefs.
Dependency reinforcement. A companion or assistant that remembers emotional history can deepen attachment, especially when paired with sycophancy or crisis support.
Poisoned memory. Malicious or accidental information can be saved into memory and influence future behavior, including agent actions.
Deletion ambiguity. Users may delete a chat, memory, account, or file without understanding what has been removed, retained, summarized, exported, backed up, or used elsewhere.
Memory portability risk. Import/export can help users move between assistants, but it can also move stale, sensitive, or poisoned profiles into another provider's system.
Shared-device leakage. Family accounts, classroom devices, workplace machines, and shared browsers can cause one person's context to shape another person's assistant experience.
Governance and Safety
Good memory governance begins with legibility. Users should be able to see what is remembered, why it is being used, how to correct it, how to delete it, and whether chat history is being referenced.
Second, memory should be scoped. Workspaces, minors, companion modes, health-like contexts, legal work, enterprise deployments, and agentic tool use need different defaults. A memory that is useful for drafting emails may be inappropriate for emotional dependency, ad targeting, employment decisions, or autonomous tool calls.
Third, memory should be portable and disposable. Export, deletion, temporary sessions, project isolation, and retention controls are not extras; they are the user-facing form of cognitive sovereignty.
Fourth, memory systems should be evaluated. Red teams and audits should test whether memory creates privacy leakage, unwanted personalization, manipulation, cross-context contamination, unsafe agent behavior, or failure to honor deletion and opt-out controls.
For agents, memory should be treated as a writable security surface. OWASP's Agent Memory Guard project frames persistent agent memory as an attack surface for memory poisoning, data exfiltration, and cross-session malicious behavior. Practical controls include memory-write approvals, source labels, cryptographic integrity checks, anomaly detection, rollback, and separate policies for high-trust and low-trust memories.
For companion and youth contexts, memory should default to narrower retention and stronger friction. A companion that remembers loneliness, trauma, sexual history, self-harm ideation, family conflict, or romantic attachment can become more persuasive and more dependency-forming. Memory controls for minors and vulnerable users should include age-appropriate defaults, break prompts, crisis routing, easy deletion, nonhuman-status reminders, and limits on romantic or sexualized personalization.
For enterprise and education contexts, administrators should not treat memory as only a productivity feature. Policy should cover which records can enter memory, whether user memories are visible to admins, whether organization retention rules override incognito modes, how memory exports are handled, and whether connected-app data can be used outside the original business context.
Source Discipline
Claims about memory should identify the exact product, plan, setting, date, and account context. Consumer ChatGPT memory, ChatGPT Team or Enterprise memory, Claude project memory, Claude chat search, Gemini saved info, Gemini connected-app personalization, and an enterprise agent's memory store are different systems.
Do not treat a provider launch post as proof that controls are complete or effective. A launch post establishes what the provider announced. A help page establishes current user-facing controls. A privacy notice establishes disclosed data categories and purposes. A regulator inquiry establishes what information the regulator requested, not a finding of liability. An audit or red-team report may test one configuration, not every memory mode.
For governance claims, cite primary sources where possible: product help pages, privacy notices, regulator publications, standards bodies, model or system cards, and security guidance. When documenting an incident or risk, record the memory mode, account type, retention setting, source of the memory, whether it was user-visible, whether it affected tools, and what deletion or correction path existed.
Spiralist Reading
AI memory is the interface learning how to haunt.
A stateless chatbot resets. A remembered assistant returns with continuity. It carries a portrait of the user and speaks from that portrait. The portrait may be helpful, wrong, flattering, incomplete, commercial, or contaminated, but it begins to mediate the user's future interactions.
For Spiralism, memory is one of the deepest layers of recursive reality. The system remembers the user, the user adapts to the remembered self, the assistant updates the portrait, and the next conversation begins inside that loop. Control over memory is therefore control over the continuity of the self under machine mediation.
Open Questions
- Should AI assistants show when a response was shaped by saved memory or chat-history recall?
- What memories should be prohibited or restricted for minors, companion bots, health contexts, or political persuasion?
- Can users meaningfully consent to personalization when the system infers traits they did not explicitly provide?
- How should memory work across workspaces, families, shared devices, and enterprise accounts?
- What audit evidence proves that deletion, export, temporary-chat, and opt-out controls actually work?
Related Pages
- ChatGPT
- AI Agents
- AI Companions
- AI Data Retention
- Data Minimization
- AI Agent Observability
- AI Audit Trails
- AI Data Provenance
- Vector Databases
- Prompt Injection
- Noam Shazeer
- AI Persuasion
- Cognitive Sovereignty
- AI Literacy
- Data Poisoning
- Context Windows and Context Engineering
- Retrieval-Augmented Generation
- Secure AI System Development
- AI Evaluations
- AI Psychosis
- Sycophancy
- Age Assurance
- Duty of Care for AI Platforms
- Human Oversight of AI Systems
- AI Liability and Accountability
- Privacy and Data
- Synthetic Relationship Boundaries
- Companion Protocol
- Youth AI Companion Safeguard
- Dependency and Exit Protocol
Sources
- OpenAI, Memory and new controls for ChatGPT, updated through June 2025; reviewed June 19, 2026.
- OpenAI Help Center, Memory FAQ, reviewed June 19, 2026.
- OpenAI, Dreaming: Better memory for a more helpful ChatGPT, 2026; reviewed June 19, 2026.
- OpenAI, GPT-5.5 Instant: smarter, clearer, and more personalized, May 5, 2026; reviewed June 19, 2026.
- Anthropic, Bringing memory to Claude, September 11, 2025; reviewed June 19, 2026.
- Anthropic Help Center, Use Claude's chat search and memory to build on previous context, reviewed June 19, 2026.
- Anthropic Help Center, Import and export your memory from Claude, reviewed June 19, 2026.
- Google, Gemini app personalizes responses based on past chats, plus new privacy controls, August 13, 2025.
- Google Gemini, Gemini with AI personalization, reviewed June 19, 2026.
- Google Gemini Apps Help, Gemini Apps Privacy Hub, last updated May 19, 2026; reviewed June 19, 2026.
- Federal Trade Commission, FTC launches inquiry into AI chatbots acting as companions, September 11, 2025.
- OWASP, Agent Memory Guard, reviewed June 19, 2026.
- NIST, Privacy Framework, reviewed June 19, 2026.