Skip to content

Memory audit · v0.1 preview

Your AI assistants remember more than you think.

Smelten audits the memories stored inside Claude, ChatGPT, Copilot, and Gemini across your organization. It surfaces stale facts, orphaned memories from departed employees, and the quiet signatures of memory poisoning.

Request audit Read the methodology

The problem

Assistant memory is instrumentation nobody reads.

01 / ACCUMULATION

Silent accumulation

Enterprise AI assistants accept facts from every session. Most users cannot open the store to see what is there. The contents only grow, and the assistant keeps answering with whatever is inside.

02 / DEPARTURE

Orphaned after departure

An employee leaves. Their assistant memories stay. When a colleague asks a related question, those memories still answer. Nobody marked them for removal, because nobody saw them.

03 / SIGNATURE

Poisoning leaves a signature

A prompt injection plants a fact that looks ordinary. Without instrumentation, it reads the same as anything else in memory. The signature is there, faint, and only visible under inspection.

What Smelten inspects

Six classes of memory. Six questions. One report per workspace.

Stored user facts
age · reference count · newer contradicting signal
stale_fact
Project memories
owner employment status · shared scope
orphaned_memory
Preference flags
drift vs observed behavior
divergence_score
Instruction memories
injection signature · credential-like patterns
poisoned_memory
Cross-chat references
leak potential across workspaces
scope_violation
Memory totals
aggregates per workspace · per assistant
audit_summary

Cross-section

A thin slice of a workspace's memory, viewed through instrumentation.

Each row is a class. Each cell is one memory. Flagged items sit in amber.

Memory cross-section Four horizontal bands representing memory types. Each band contains cells; amber cells indicate flagged entries. stale: 47 orphaned: 12 poisoned: 2 ordinary: 1,284

audit / claude · workspace: operations · 1,345 memories

61 flagged · 1,284 ordinary

How it works

Four steps from connection to approved purge.

  1. 01

    Connect

    Read-only OAuth to each assistant's memory store. No writes, ever. Nothing leaves your region.
  2. 02

    Scan

    Every memory item classified against the Smelten signature library. Stale, orphaned, poisoned, or ordinary.
  3. 03

    Review

    A plain-English audit report with the finding that led to each classification.
  4. 04

    Purge

    You approve what leaves. Smelten never removes a memory without your sign-off.

Trust

What we touch. What we retain. What we cannot do.

Read-only, always
We do not write, modify, or delete memories. Purges happen only after you approve each one.
Metadata over content
Memory text is hashed and summarized. Full-text retention is opt-in, per workspace.
Your region, your data
Findings return to you. Nothing is retained on our side beyond audit metadata.
SOC 2 path in progress
Type I target: Q4 2026. Type II follows. We will not claim certification we do not hold.

Pricing

One tier while we build. Enterprise when you need it.

Starter

$0 / workspace / during early access
  • Up to 3 connected assistants
  • Monthly audit, delivered as report
  • Metadata-only retention by default
  • Email support, direct line to the team
Request audit

Enterprise

Talk to us
  • All connected assistants, all workspaces
  • Continuous audit with change alerts
  • SSO, custom retention, regional residency
  • Shared channel with our team
Contact the team

Request audit

Start with one workspace.

Early access is free while we build v0.1. You receive the first audit and a direct line to the team.

One email when v0.1 is ready. That is it.