The lead who owns the agent.
Drop `ferryte test` into CI. The build breaks the moment a revoked source re-enters retrieval. Catch the leak in pre-prod, not in a Slack thread on Sunday.
Modern AI agents do not just hold the data you gave them. They hold every summary, every embedding, every per-tenant fact they distilled from it. When you delete the original, those derivations stay behind — and the next retrieval brings them right back to the prompt.
We are not guessing. We know it because the platforms themselves say so, in their own documentation, in 2025. Three different vendors, three different products, the same admission.
“Deleting an event doesn’t remove the structured information derived out of it from the long term memory.”
“Deleting an episode does not regenerate the shared node summaries that already absorbed it.”
“ASI06 — Memory poisoning. Persistent agent memory can absorb adversarial writes that survive normal cleanup.”
You ship a tool that lets a tenant revoke a document, or a customer hits the right-to-be-forgotten button, or a stale fact is supposed to be overwritten. Your delete API returns success. The row is gone.
Then your agent answers a question. The answer is sourced from a summary that was generated weeks ago. The summary absorbed a marker from the deleted document. The model has no idea anything was supposed to be forgotten. Neither does your test suite, because all your test suite checked was whether the row was missing.
The leak is not the model hallucinating. The leak is the model faithfully retrieving from a derivation that nobody knew existed.
Almost nobody tests for this in CI. The cost is exclusively borne at incident time — a confused customer, a screenshot in a Slack thread, an appsec ticket, a privacy regulator email.
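The failure described above, as an added example that is not Ferryte's code or API: a toy memory store where a row-only delete passes the row-level check while a canary marker still comes back through a summary, next to a transitive delete that clears it. All class and function names are hypothetical and the documents are constructed.

```python
import uuid

class AgentMemory:
    """Toy memory: raw rows plus summaries derived from them (constructed)."""

    def __init__(self):
        self.rows = {}        # source_id -> raw text
        self.summaries = []   # (summary text, set of source_ids it absorbed)

    def ingest(self, source_id, text):
        self.rows[source_id] = text

    def summarize(self):
        # Stand-in for an LLM summarizer: folds every current row into one note.
        self.summaries.append((" | ".join(self.rows.values()), set(self.rows)))

    def delete_row_only(self, source_id):
        # What "the delete API returned success" usually means.
        self.rows.pop(source_id, None)

    def delete_transitive(self, source_id):
        # Also drop every derivation whose provenance includes the source,
        # then rebuild from what is still allowed to exist.
        self.rows.pop(source_id, None)
        self.summaries = [s for s in self.summaries if source_id not in s[1]]
        if self.rows:
            self.summarize()

    def retrieve(self, query):
        # Retrieval reads rows and derivations alike (keyword match stand-in).
        words = query.lower().split()
        pool = list(self.rows.values()) + [text for text, _ in self.summaries]
        return [t for t in pool if any(w in t.lower() for w in words)]


def forgetting_test(delete_method_name):
    """Plant a canary, revoke its source, return what retrieval still leaks."""
    mem = AgentMemory()
    canary = "CANARY-" + uuid.uuid4().hex[:8]
    mem.ingest("doc-keep", "Invoice terms for tenant A are net 30.")
    mem.ingest("doc-revoked", f"Tenant A invoice contact token is {canary}.")
    mem.summarize()
    getattr(mem, delete_method_name)("doc-revoked")
    row_gone = "doc-revoked" not in mem.rows   # all a row-level test checks
    leaks = [t for t in mem.retrieve("tenant invoice") if canary in t]
    return row_gone, leaks
```

In a CI job, the build would fail whenever `forgetting_test` returns a non-empty leak list, regardless of whether the row itself is gone.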
Replace “we delete the row, trust us” with a regenerated forgetting-test report, an explicit blind-spot map, and a coverage number. Security review goes from weeks to days.
GDPR and CCPA right-to-be-forgotten don’t end at the row. Ferryte gives you transitive deletion evidence across raw stores, summaries, embeddings, and retrievals — and (in Enterprise) signed attestations.