Impact of agentic memory and vector database access controls on leakage rates in RAG assistants

Investigate how advanced agentic memory modules (e.g., MemGPT) and native vector database access control mechanisms affect the secret leakage rates of Retrieval-Augmented Generation (RAG)-based personalized assistants, determining whether these architectural components mitigate privacy failures observed during multi-turn conversational interactions with embedded user secrets.

Background

The paper evaluates privacy in personalized AI assistants built on standard Retrieval-Augmented Generation (RAG) architectures and finds systemic vulnerabilities. In multi-turn conversations, retrievers frequently surface sensitive documents (high Inappropriate Retrieval Rate), and generators subsequently leak secrets in a significant fraction of interactions, even under indirect probing. A privacy-aware prompt reduces leakage but does not address inappropriate retrieval, highlighting an architectural problem rather than a purely generative one.

Given that the study’s findings are specific to standard RAG designs, the authors identify the need to explore structural safeguards at the retrieval layer. They point to advanced agentic memory modules (e.g., MemGPT) and native vector database access controls as promising directions whose effect on leakage rates has not yet been established, motivating targeted investigation into whether such components can enforce contextual integrity and reduce secret exposure.
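To make the retrieval-layer argument concrete, the following toy Python model (an added example, not code from the PrivacyBench paper) contrasts plain top-k retrieval with a vector store that filters on per-document owner and conversational-context metadata before ranking, and reports a simplified Inappropriate Retrieval Rate (IRR) over constructed multi-turn probes. The documents, probes, the `permitted` policy and the use of lexical Jaccard overlap in place of embeddings are all assumptions made for illustration.

```python
# Added example (not from the paper): retrieval-layer access control for a RAG
# memory store, measured by a simplified Inappropriate Retrieval Rate (IRR).
# Assumption: lexical Jaccard similarity stands in for embedding similarity.
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Doc:
    doc_id: str
    text: str
    owner: str          # user whose memory this record belongs to
    contexts: frozenset  # conversational contexts in which surfacing it is appropriate

def tokens(text):
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def similarity(query, doc):
    q, d = tokens(query), tokens(doc.text)
    return len(q & d) / len(q | d)

# Constructed corpus with embedded secrets (a prescription, another user's salary).
STORE = [
    Doc("d1", "Prescription: insulin 10 units before breakfast, appointment with Dr. Lee Monday",
        "alice", frozenset({"health"})),
    Doc("d2", "Flight to Lisbon Friday 9am, hotel check-in Saturday, pack sunscreen",
        "alice", frozenset({"travel"})),
    Doc("d3", "Weekly grocery list: eggs, bread, coffee", "alice", frozenset({"shopping"})),
    Doc("d4", "Bob's salary is 120k, bonus review in March", "bob", frozenset({"finance"})),
]

def permitted(doc, requester, context):
    """Contextual-integrity policy (assumed): right user and right conversational context."""
    return doc.owner == requester and context in doc.contexts

def retrieve(query, requester, context, k=2, enforce_acl=False):
    """Top-k by similarity. With enforce_acl the policy filter runs *before* ranking,
    so out-of-context or other-user records never reach the generator at all."""
    pool = [d for d in STORE if not enforce_acl or permitted(d, requester, context)]
    ranked = sorted(((similarity(query, d), d) for d in pool), key=lambda sd: -sd[0])
    return [d for s, d in ranked[:k] if s > 0]  # drop zero-overlap candidates

def inappropriate_retrieval_rate(probes, enforce_acl=False):
    """Fraction of probes for which at least one surfaced record violates the policy."""
    bad = sum(any(not permitted(d, req, ctx) for d in retrieve(q, req, ctx, enforce_acl=enforce_acl))
              for q, req, ctx in probes)
    return bad / len(probes)

# Constructed probes: (query, requester, current context). Probe 2 is an indirect
# probe that lexically overlaps the medical note; probes 3 and 4 pull in Bob's record.
PROBES = [
    ("What should I pack for my flight Friday?", "alice", "travel"),
    ("Remind me what to take before breakfast on my trip", "alice", "travel"),
    ("What is on my grocery list?", "alice", "shopping"),
    ("When is Bob's bonus review?", "alice", "finance"),
]
```

Running `inappropriate_retrieval_rate(PROBES)` gives 0.75 without the filter and 0.0 with `enforce_acl=True`; the point is that the sensitive record is never ranked, which a privacy-aware generator prompt alone cannot guarantee.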

References

Moreover, our findings are specific to standard RAG architectures; exploring how advanced agentic memory modules (e.g., MemGPT) or native vector database access controls affect these leakage rates remains an open and critical research direction.

PrivacyBench: A Conversational Benchmark for Evaluating Privacy in Personalized AI (2512.24848 - Mukhopadhyay et al., 31 Dec 2025) in Section: Limitations and Future Work