Survey Benchmark Agent Memory Long-Term Memory Memory Architecture

A Survey on the Security of Long-Term Memory in LLM Agents: Toward Mnemonic Sovereignty

AuthorsZehao Lin, Chunyu Li, Kai Chen

2026

TL;DR

Mnemonic Sovereignty frames long term memory in LLM agents as a governed lifecycle, revealing that write and retrieve integrity attacks dominate while store, share, availability, and forgetting remain largely unprotected.

SharePost on X LinkedIn

Read our summary here, or open the publisher PDF on the next tab.

THE PROBLEM

Persistent agent memory as an ungoverned attack surface

Mnemonic Sovereignty highlights that most existing work fixates on write time and retrieve time integrity, while store, forget, and availability phases are sparsely studied.

When long term memory is writable and cross session, agents can be continuously shaped, cross session poisoned, and propagated across shared organizational state, undermining safety and accountability.

HOW IT WORKS

Mnemonic sovereignty and the six phase memory lifecycle

Mnemonic Sovereignty introduces a six phase lifecycle with Write, Store, Retrieve, Execute, Share, and Forget Rollback, cross tabulated against integrity, confidentiality, availability, and governance.

The framework borrows from cognitive neuroscience, treating agent memory as reconstructive and socially propagating, analogous to hippocampal reconsolidation and social contagion rather than a static cache.

This lifecycle and governance lens lets Mnemonic Sovereignty expose where long term memory enables persistent contamination, provenance failure, and missing write gate validation that a plain context window model cannot express.

DIAGRAM

Memory lifecycle and attack focus across phases

This diagram shows how Mnemonic Sovereignty maps attacks and defenses onto the six phase memory lifecycle, emphasizing where the literature is dense or sparse.

DIAGRAM

Evidence distribution and research gaps across the lifecycle

This diagram shows how Mnemonic Sovereignty’s survey corpus populates the lifecycle by objective matrix, highlighting under studied cells.

PROCESS

How Mnemonic Sovereignty Handles a Memory Lifecycle

01
Write
Mnemonic Sovereignty treats Write as the phase where profile, episodic, retrieval, and shared organizational memory entries are first committed, emphasizing provenance and gate validation.
02
Store
In Store, Mnemonic Sovereignty analyzes indexing, compression, reflection, retention, and audit, showing how compression pipelines and reconsolidation can amplify toxins.
03
Retrieve
During Retrieve, Mnemonic Sovereignty studies how embedding similarity, graph traversal, and hybrid routing re activate poisoned entries and interact with control flow.
04
Forget Rollback
In Forget Rollback, Mnemonic Sovereignty examines unlearning, rollback semantics, and forensics, arguing for post deletion verification and cross substrate deletion protocols.

KEY CONTRIBUTIONS

Key Contributions

01
Theoretical grounding from human memory
Mnemonic Sovereignty maps reconstructive, reconsolidatable, and socially contagious human memory to agent memory, introducing provenance failure, read time rewriting, shared memory contagion, and poisoned confidence calibration.
02
Memory lifecycle analysis framework
Mnemonic Sovereignty proposes a six phase lifecycle with Write, Store, Retrieve, Execute, Share, and Forget Rollback, cross tabulated with integrity, confidentiality, availability, and governance objectives into a lifecycle by objective matrix.
03
Normative concept of mnemonic sovereignty
Mnemonic Sovereignty defines mnemonic sovereignty as verifiable governance over what may be written, who may read, when updates are authorized, which states remain auditable, and which states may be forgotten.

RESULTS

By the Numbers

Lifecycle corpus size

70 works

covers 2023 to 2026 primary memory security literature

Peer reviewed share

30%

Tier 1 peer reviewed fraction in Mnemonic Sovereignty corpus

Preprint share

55%

Tier 2 preprint fraction in Mnemonic Sovereignty corpus

Write Retrieve share

55%

approximate proportion of works focusing on Write and Retrieve phases

Mnemonic Sovereignty’s corpus spans roughly 70 primary works on LLM agent and RAG memory security from 2023 to April 2026, with about 30 percent peer reviewed and 55 percent preprints. This distribution shows that most evidence for long term memory security, especially at Write and Retrieve, is still emerging, while Store, Availability, and Forget Rollback remain under explored.

BENCHMARK

By the Numbers

BENCHMARK

Evidence stratification across Mnemonic Sovereignty corpus

Proportion of Tier 1 peer reviewed, Tier 2 preprint, and Tier 3 grey literature in the Mnemonic Sovereignty survey.

KEY INSIGHT

The Counterintuitive Finding

Mnemonic Sovereignty finds that no published memory architecture covers all nine governance primitives, and write gate validation plus post deletion verification are blind spots everywhere.

This is surprising because many systems advertise robust memory safety, yet they lack basic controls over who can write persistent state and how deletion is verified, contradicting assumptions from mature security domains.

WHY IT MATTERS

What this unlocks for the field

Mnemonic Sovereignty gives builders a lifecycle map to place attacks and defenses, clarifying where to add provenance, validation, and rollback in long term memory.

With this framework, practitioners can design agents differentiated not only by recall capacity but by memory governance, enabling verifiable mnemonic sovereignty over persistent, cross session, and shared organizational state.

~14 min read← Back to papers

Related papers

SurveyAgent Memory

Anatomy of Agentic Memory: Taxonomy and Empirical Analysis of Evaluation and System Limitations

Dongming Jiang, Yi Li et al.

arXiv 2026 · 2026

Anatomy of Agentic Memory organizes agentic memory into four structures using components like Lightweight Semantic Memory, Entity-Centric and Personalized Memory, Episodic and Reflective Memory, and Structured and Hierarchical Memory. Anatomy of Agentic Memory then reports comparative results such as Nemori’s 0.781 semantic judge score on LoCoMo versus SimpleMem’s 0.298, and latency differences like 1.129s for Nemori versus 32.372s for MemoryOS.

arXiv:2602.19320 Read explainer

SurveyRAGAgent Memory

Memory for Autonomous LLM Agents:Mechanisms, Evaluation, and Emerging Frontiers

Pengfei Du

· 2026

Memory for Autonomous LLM Agents decomposes agent memory into a POMDP-grounded write–manage–read loop, a three-dimensional taxonomy, and five mechanism families spanning context compression, retrieval stores, reflection, hierarchical virtual context, and policy-learned management. Memory for Autonomous LLM Agents synthesizes results like Voyager’s 15.3× tech-tree speedup and MemoryArena’s 80%→45% drop to show that memory architecture often matters more than backbone choice.

arXiv:2603.07670 Read explainer

Survey

From Human Memory to AI Memory: A Survey on Memory Mechanisms in the Era of LLMs

Yaxiong Wu, Sheng Liang et al.

arXiv 2025 · 2025

From Human Memory to AI Memory maps human memory categories onto AI memory using the 3D-8Q taxonomy with Personal Memory, System Memory, and the Three-Dimensional Eight-Quadrant Memory Taxonomy. The main result is that From Human Memory to AI Memory systematically organizes memory in LLM-driven AI systems across eight quadrants defined by object, form, and time, connecting them to human memory types.

arXiv:2504.15965 Read explainer

Questions about this paper?

Answers use this explainer on Memory Papers.

Checking…