惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园_首页
Security Archives - TechRepublic
Security Archives - TechRepublic
Application and Cybersecurity Blog
Application and Cybersecurity Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
CERT Recently Published Vulnerability Notes
S
Security @ Cisco Blogs
S
Security Affairs
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
Lohrmann on Cybersecurity
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Hacker News: Ask HN
Hacker News: Ask HN
Forbes - Security
Forbes - Security
H
Heimdal Security Blog
A
Arctic Wolf
NISL@THU
NISL@THU
P
Proofpoint News Feed
W
WeLiveSecurity
S
Schneier on Security
AI
AI
Schneier on Security
Schneier on Security
N
News and Events Feed by Topic
L
LINUX DO - 最新话题
Cisco Talos Blog
Cisco Talos Blog
AWS News Blog
AWS News Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
Know Your Adversary
Know Your Adversary
Scott Helme
Scott Helme
V
Vulnerabilities – Threatpost
Cyberwarzone
Cyberwarzone
I
Intezer
S
Securelist
Help Net Security
Help Net Security
Microsoft Security Blog
Microsoft Security Blog
量子位
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
小众软件
小众软件
Last Week in AI
Last Week in AI
Jina AI
Jina AI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
WordPress大学
WordPress大学
罗磊的独立博客
月光博客
月光博客
雷峰网
雷峰网
A
About on SuperTechFans
The GitHub Blog
The GitHub Blog
T
The Blog of Author Tim Ferriss
MongoDB | Blog
MongoDB | Blog
大猫的无限游戏
大猫的无限游戏
博客园 - 司徒正美
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
AI Agents Don't Need More Memory. They Need Governed Recall.
Glendel Joubert Fyne Acosta · 2026-06-18 · via DEV Community

Most AI Agent Memory discussions start from the same assumption:

If the agent forgets, give it more memory.

  • More chat history.
  • More retrieved documents.
  • More summaries.
  • More vector storage.
  • More context window.
  • More persistence.

But the more I look at real agent workflows, the more I think this framing is incomplete.

The hard problem is not simply giving agents more memory.

The hard problem is deciding what the agent is allowed to recall.

That is a different architectural problem.

And it matters a lot.


More Memory Is Not Always Better

At first, adding memory makes agents look smarter.

  • They remember previous conversations.
  • They reuse past decisions.
  • They recover project details.
  • They avoid asking the same questions again.
  • They feel more continuous.

But after a while, something strange happens.

The agent starts getting worse.

  • It recalls stale assumptions.
  • It treats old context as current state.
  • It uses generated summaries as if they were facts.
  • It mixes user preferences with workflow evidence.
  • It retrieves private or irrelevant information.
  • It acts on something that was true yesterday, but false today.

The agent is not failing because it forgot.

It is failing because it remembered without governance.

That is the uncomfortable truth:

More memory can make agents less reliable.


The Real Problem Is Recall

Memory is usually framed as a storage problem.

  • Where do we store it ?
  • A vector database ?
  • A relational database ?
  • Files ?
  • A graph ?
  • A long context window ?
  • A model's own weights ?

Those are important implementation choices, but they do not answer the deeper question.

For any specific task, the system still needs to decide:

  • What should be recalled ?
  • Who is allowed to recall it ?
  • Is it still fresh ?
  • Where did it come from ?
  • What authority does it have ?
  • Does newer evidence override it ?
  • Should it be shown to this agent ?
  • Should it affect this decision ?

That is not just retrieval.

That is recall policy.

And recall policy is where agent memory becomes a runtime architecture problem.


Retrieval Is Not Governance

A retrieval system can answer:

"What information is semantically similar to this query ?"

But an agent memory system needs to answer:

"What information is this agent allowed to use for this task right now ?"

Those are not the same question.

Semantic similarity is useful, but it is not enough.

  • A stale memory can be semantically relevant.
  • A private document can be semantically relevant.
  • A low-authority summary can be semantically relevant.
  • A model-generated assumption can be semantically relevant.
  • A superseded workflow state can be semantically relevant.

That does not mean it should enter the prompt.

Retrieval finds candidates.

Governed recall decides what is allowed to become active.


Memory Needs Authority

Not all memory should have the same power over future agent behavior.

  • A previous chat message is not the same as a tool result.
  • A generated summary is not the same as an approved policy.
  • A model assumption is not the same as runtime evidence.
  • A user preference is not the same as workflow state.
  • A retrieved document is not automatically more trustworthy than a current system record.

Yet many agent systems flatten these into the same prompt as plain text.

Once that happens, the model has to infer authority from language.

That is fragile.

A production memory system should distinguish between different kinds of memory:

  • Runtime evidence
  • Workflow state
  • Approved policies
  • User preferences
  • Retrieved knowledge
  • Generated summaries
  • Model assumptions
  • Prior messages
  • External observations
  • Human approvals

These should not enter context as equal facts.

The runtime should preserve their authority before the model reasons over them.


Runtime Evidence Should Beat Model Assumptions

This boundary is critical.

If the model says:

"I sent the email".

That is a claim.

If the email API returns a message ID and timestamp, that is evidence.

If the model says:

"The customer probably prefers option A".

That is an assumption.

If the customer explicitly selected option B in a form, that is evidence.

If the model says:

"This task is already complete".

That is a claim.

If the workflow state shows required artifacts are missing, the task is not complete.

Agent systems become dangerous when claims, assumptions, summaries, and evidence all enter memory with the same authority.

Governed recall means the system knows the difference.

The model can reason.

But the runtime should know what actually happened.


Freshness Matters

A memory can be true and still be dangerous.

Because it may no longer be true.

This is one of the biggest problems in long-running agent workflows.

An agent may remember:

"The deployment is blocked".

But the deployment was unblocked an hour ago.

It may remember:

"The customer has not paid".

But payment cleared this morning.

It may remember:

"Approval is still pending".

But approval was granted yesterday.

It may remember:

"The user prefers short answers".

But that preference may apply only to casual updates, not technical reports.

Freshness is not a small detail.

It determines whether memory should still influence behavior.

A memory system should not only ask:

"Have we seen something like this before ?"

It should ask:

"Is this still valid ?"


Scope Matters

An organization does not give every person access to every memory.

  • A finance role sees different information than a support role.
  • A contractor sees different information than an executive.
  • A customer-facing workflow sees different context than an internal strategy workflow.

AI Agents need the same boundaries.

Memory should be scoped by:

  • Agent role
  • User
  • Organization
  • Workflow
  • Task
  • Permission level
  • Data sensitivity
  • Operational context

Without scope, memory becomes a leak.

The issue is not only that the agent may retrieve the wrong information.

The issue is that the agent may retrieve information it should never have seen.

In real systems, memory access is authorization.


Provenance Matters

A memory without provenance is dangerous because the system no longer knows how much to trust it.

  • Where did this memory come from ?
  • Was it written by a human ?
  • Was it inferred by a model ?
  • Was it extracted from a document ?
  • Was it generated as a summary ?
  • Was it produced by a tool call ?
  • Was it approved ?
  • Was it observed ?
  • Was it imported from an external system ?
  • Was it created during a failed workflow ?

These distinctions matter.

  • A model-generated summary should not carry the same weight as the original source.
  • A user comment should not carry the same weight as an approved policy.
  • A tool result should not carry the same weight as a model's interpretation of that result.

Provenance is what prevents memory from becoming anonymous context.

And anonymous context is hard to trust.


The Model Should Not Govern Its Own Recall

One tempting pattern is to give the model access to a memory store and ask it to decide what it needs.

This can work in demos.

But for real workflows, it creates a weak boundary.

The same probabilistic system that will reason over the memory is also deciding what memory it should see.

That is risky. The model may retrieve too much.

  • It may retrieve stale context.
  • It may retrieve unauthorized context.
  • It may overvalue its own previous assumptions.
  • It may ignore stronger runtime evidence.
  • It may fail to notice that a memory has been superseded.

So the runtime needs to sit between memory and the model.

The model should not receive memory just because memory exists.

The runtime should curate recall.


Governed Recall

Governed recall means memory access is controlled before context reaches the model.

The runtime asks:

  • Is this memory relevant to the current task ?
  • Is the agent allowed to see it ?
  • Is it fresh enough ?
  • What is its source ?
  • What authority does it carry ?
  • Does stronger evidence override it ?
  • Is it scoped to this workflow ?
  • Has it expired ?
  • Has it been superseded ?
  • Should it be summarized ?
  • Should it be hidden ?
  • Should it trigger a human review ?

Only after those checks should memory enter the model context.

This is the difference between retrieval and governed recall.

Retrieval says:

"This looks similar".

Governed recall says:

"This is allowed, relevant, current, scoped, and trustworthy enough to influence this task".


Memory Is Policy

Once agents start operating inside real workflows, memory becomes policy.

  • What the agent remembers determines what it believes.
  • What it believes influences what it does.
  • What it does affects real systems.

So memory is not neutral.

  • It is an operational control surface.
  • If an agent recalls the wrong thing, it may take the wrong action.
  • If it recalls stale state, it may repeat work.
  • If it recalls private information, it may leak data.
  • If it recalls a weak assumption as fact, it may produce bad decisions.
  • If it fails to recall an obligation at the right time, it may miss a commitment.

Memory shapes behavior.

That means memory needs governance.


The Future Problem: Knowing When to Remember

There is another layer beyond what to recall.

When should memory become active ?

Most systems retrieve memory reactively.

  1. A user asks something.
  2. The system searches.
  3. The model receives context.

But many organizational workflows require memory to activate later.

For example:

"Follow up with this customer if payment has not cleared by Friday".

That is not just a fact to store.

It is an intention with future activation conditions.

The memory should become relevant when time passes or when an event happens.

Most systems solve this with cron jobs, workflow engines, reminders, or external orchestration.

That works, but it shows something important:

Agent memory is not only about answering questions.

Sometimes memory needs to trigger action.

That is a much deeper problem.

And it is one of the reasons memory belongs in the runtime architecture, not only in the prompt.


A Better Mental Model

Instead of:

"The agent has memory".

Think:

"The system governs what the agent can recall".

This small shift changes the design.

  • The model is no longer treated as the owner of memory.
  • The runtime owns memory access.
  • The workflow owns state.
  • The tools produce evidence.
  • Permissions define boundaries.
  • Policies define authority.
  • The model receives curated context and reasons over it.

That is a much safer architecture.


Why This Matters

The AI World is moving very fast.

Every week, a new model appears.

  • A better brain.
  • A larger context window.
  • A stronger coding model.
  • A faster reasoning model.

Those improvements matter.

But smarter brains are not enough.

If AI Agents are going to operate inside real organizations, they need architecture around them.

  • They need permissions.
  • They need runtime boundaries.
  • They need workflow state.
  • They need evidence.
  • They need memory governance.
  • They need recall policies.

A powerful model without governed recall can still act on stale, unauthorized, or low-authority context.

That is not an intelligence problem.

That is a Systems Engineering problem.


Final Thought

AI agents do not need more memory by default.

  • They need better rules for what memory is allowed to become active.
  • They need memory with scope, provenance, freshness, permissions, authority, and evidence.
  • They need runtime-governed recall.

Because the real question is not:

"How much can the agent remember ?"

The real question is:

"Can we trust what the agent is allowed to recall ?"