Audit whether an AI agent truly erased data from every store

Deleting a row from the main database may leave the same content elsewhere in a RAG or system. Copies can remain as in a , retrieval and prompt logs, -service caches, and offline snapshots. A 2023 study by Morris and colleagues reported about 92% exact recovery of short inputs from their .

The Ghost Vectors research also found that vectors marked as deleted could remain recoverable from HNSW indexes. A record showing that a deletion command ran therefore does not prove that the data can no longer be recovered or that the GDPR right to erasure was satisfied. A small, lightweight audit tool addresses this gap by registering every store that may contain a person's data, including memory stores, es, caches, and logs.

After the deletes the data, the tool tries to recover it from each location by scanning text and caches for exact copies and searching the for similar content.

Key points

  • Delete personal data from es, caches, logs, and backups as well as the main database.
  • A successful deletion command does not prove that the content is unrecoverable.
  • may retain enough information to reconstruct much of the original text.
  • Test deletion by actively trying to recover the data from every registered store.
  • Track data locations and deletion paths when designing an agent's .
Read original