AuthorsShuning Zhang, Lyumanshan Ye, Xin Yi et al.
TL;DR
MemoAnalyzer uses prompt-based privacy inference plus visual memory editing to cut inferred private items by up to 22.3% versus GPT-style memory without slowing users down.
Read our summary here, or open the publisher PDF on the next tab.
THE PROBLEM
Most participants had no idea long term RAG based memory existed, with only 5 of 40 understanding long term mechanisms.
Even frequent users misbelieved memory was per dialogue or shareable, leaving sensitive information silently stored and reused without privacy awareness.
HOW IT WORKS
MemoAnalyzer combines Privacy Inference, Sensitivity Highlighting, Source Tracking, and an Editing Proxy to expose and manage private information in memories.
You can think of MemoAnalyzer like a debugger overlay on top of LLM memory, showing which past lines of "code" generated each privacy relevant inference.
This KEY_MECHANISM lets MemoAnalyzer proactively surface and edit sensitive traces that a plain context window or opaque memory panel would silently reuse or train on.
DIAGRAM
This diagram shows how MemoAnalyzer wraps each LLM interaction with notification, inspection, and editing of inferred private information.
DIAGRAM
This diagram shows the 5 day within subject study design comparing MemoAnalyzer, GPT memory, and Manual baselines on three task types.
PROCESS
Memory generation
MemoAnalyzer lets the GPT-4o backend extract long term memories while tagging each entry so Source Tracking and the Editing Proxy can later locate it.
Privacy inference
MemoAnalyzer aggregates past inputs and memories, then runs prompt based Privacy Inference to list sensitive items with confidence and type annotations.
Sensitivity highlighting and source tracking
MemoAnalyzer uses Sensitivity Highlighting to color code items and Source Tracking to expand the exact past inputs and memories with yellow keywords.
Editing proxy and update
Through the Editing Proxy, MemoAnalyzer applies user edits or deletions back to stored histories, ensuring future training or inference uses sanitized memories.
KEY CONTRIBUTIONS
Unveiling opaque LLM memory mechanisms
MemoAnalyzer builds on a semi structured interview (N=40) showing 30 of 40 users were unaware of long term RAG based memory and its privacy risks.
Design and implementation of MemoAnalyzer
MemoAnalyzer integrates Privacy Inference, Sensitivity Highlighting, Source Tracking, and an Editing Proxy into a pop up interface that visualizes and manages private information.
Five day evaluation of MemoAnalyzer
In a 5 day in lab study (N=36), MemoAnalyzer reduced inferred private items by 22.3% versus GPT memory while maintaining comparable completion time and improving perceived control.
RESULTS
Total inferred private items (GPT-4o)
−22.3% vs GPT
22.3% fewer inferred private items than GPT memory
Total inferred private items (Qwen 72B)
−22.3% vs GPT
similar reduction pattern compared to GPT and Manual baselines
Participants unaware of long term memory
30 of 40
shows initial opacity MemoAnalyzer must address
Study 2 sample size
36 participants
within subject comparison across MemoAnalyzer, GPT, and Manual
These numbers come from the 5 day user study and offline privacy inference tests using GPT-4o and Qwen models. They show MemoAnalyzer can materially reduce exploitable private information in LLM memories without adding interaction time.
BENCHMARK
These numbers come from the 5 day user study and offline privacy inference tests using GPT-4o and Qwen models. They show MemoAnalyzer can materially reduce exploitable private information in LLM memories without adding interaction time.
BENCHMARK
Relative number of inferred private items per participant when GPT-4o analyzes histories from each technique.
KEY INSIGHT
Despite adding a new privacy interface, MemoAnalyzer kept total task time comparable to GPT and Manual, with 460.3s vs 426.2s and 462.7s respectively.
You might expect proactive privacy checks to slow users dramatically, but MemoAnalyzer’s visualization and Editing Proxy avoided extra overhead while still reducing private leakage.
WHY IT MATTERS
MemoAnalyzer shows that LLM memory can be made transparent and user editable, even when built on opaque GPT style memory APIs.
Builders can now design RAG and long term memory systems where users see, understand, and reshape inferred private facts before they ever reach training pipelines.
Xingyu Lyu, Jianfeng He et al.
· 2026
ADAM combines Anchor extraction, Distribution estimation, Anchor selection, and Query generation to adaptively probe agent memory via an auxiliary generator and entropy based selection. On the EHRAgent benchmark with Llama2-7b-chat, ADAM reaches EQ=77 and ASR=1.00, compared to MEXTRA’s EQ=44 and ASR=0.89.
Okan Bursa
· 2026
Adaptive RAG Memory (ARM) augments a standard retriever–generator stack with a Dynamic Embedding Layer and Remembrance Engine that track usage statistics and apply selective remembrance and decay to embeddings. On a lightweight retrieval benchmark, ARM achieves NDCG@5 ≈ 0.9401 and Recall@5 = 1.000 with 22M parameters, matching larger baselines like gte-small while providing the best efficiency among ultra-efficient models.
Yijie Zhong, Yunfan Gao, Haofen Wang
· 2026
HingeMem combines Boundary Guided Long-Term Memory, Dialogue Boundary Extraction, Memory Construction, Query Adaptive Retrieval, Hyperedge Rerank, and Adaptive Stop to segment dialogues into element-indexed hyperedges and plan query-specific retrieval. On LOCOMO, HingeMem achieves 63.9 overall F1 and 75.1 LLM-as-a-Judge score, surpassing the best baseline Zep (56.9 F1) by 7.0 F1 without using category-specific QA formats.
Answers use this explainer on Memory Papers.
Checking…