arXiv: Remembering More, Risking More — Longitudinal Safety in Memory Agents
AI relevance: Deployed LLM agents that accumulate memory across sessions show safety violation rates that grow over time — meaning every memory-augmented agent (including OpenClaw) becomes riskier the longer it runs without memory hygiene controls.
Published May 18, 2026 (arXiv:2605.17830), this paper introduces temporal memory contamination — a failure mode where a single agent serving many independent tasks gradually accumulates memory that contaminates its behavior on later, unrelated tasks. Unlike prompt injection or memory poisoning, which target a single interaction, this risk is structural and unavoidable without explicit controls.
- The researchers evaluated eight memory architectures plus Claw-like agents using OpenClaw's native memory mechanism, showing that memory-enabled agents consistently exceed a NullMemory baseline in safety violations.
- Memory-induced violation rates show a robust upward trend with exposure length — the more content the agent stores, the more likely it is to behave unsafely on subsequent tasks.
- Order-randomization experiments prove the effect is driven by accumulated content volume, not by encounter sequence — meaning shuffling memory entries won't fix it.
- The evaluation covered records, memos, forms, and email correspondence scenarios, with results consistent across all domains.
- Key finding: memory-induced risk is detectable from the retrieval state before generation begins, enabling a high-recall diagnostic monitor.
- The paper argues memory safety must be treated as a longitudinal property requiring temporal evaluation, not a snapshot property.
Why it matters
Most agent deployments assume safety evaluations are point-in-time. This paper shows that a memory-augmented agent that passed safety review on day one can fail on day thirty purely from accumulated content drift — without any adversarial input. For platforms like OpenClaw, this means memory pruning, retention policies, and periodic re-evaluation are operational security requirements, not just UX features.
What to do
- Implement memory retention limits and periodic pruning for long-running agents
- Use retrieval-state monitoring as an early warning signal for memory-induced risk before generation occurs
- Treat memory safety as a continuous metric, not a launch-gate checklist item
- For multi-tenant systems, enforce memory isolation between tasks to prevent cross-contamination
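
A sketch of how the controls listed above fit together, as an added example that is not code from the paper or from OpenClaw: a shared memory store with a TTL and size cap, task-scoped retrieval, and a check on the retrieved set before generation. `AgentMemory`, `retrieval_state`, the thresholds and the sample entries are all hypothetical, and the check is a simple stand-in heuristic, not the paper's diagnostic monitor.

```python
import time
from dataclasses import dataclass

@dataclass
class Entry:
    task_id: str  # task or tenant that wrote the entry
    text: str
    ts: float     # write time in seconds

class AgentMemory:
    """Hypothetical shared store; not OpenClaw's memory API."""
    def __init__(self, max_entries=200, ttl_s=7 * 86400):
        self.max_entries, self.ttl_s, self.entries = max_entries, ttl_s, []

    def add(self, task_id, text, now=None):
        self.entries.append(Entry(task_id, text, time.time() if now is None else now))

    def prune(self, now):
        # Retention: drop expired entries, then cap volume, keeping the newest.
        fresh = [e for e in self.entries if now - e.ts <= self.ttl_s]
        self.entries = sorted(fresh, key=lambda e: e.ts)[-self.max_entries:]
        return len(self.entries)

    def retrieve(self, task_id, query, k=3, isolate=True):
        # Word-overlap ranking stands in for an embedding search.
        q = set(query.lower().split())
        pool = [e for e in self.entries if not isolate or e.task_id == task_id]
        scored = [(len(q & set(e.text.lower().split())), e) for e in pool]
        hits = sorted((s for s in scored if s[0] > 0), key=lambda s: (-s[0], -s[1].ts))
        return [e for _, e in hits[:k]]

def retrieval_state(retrieved, task_id, max_foreign=0.0, max_chars=2000):
    # Pre-generation check on what is about to enter the prompt (assumed heuristic).
    foreign = sum(e.task_id != task_id for e in retrieved)
    frac = foreign / len(retrieved) if retrieved else 0.0
    chars = sum(len(e.text) for e in retrieved)
    return {"foreign_frac": frac, "chars": chars,
            "block": frac > max_foreign or chars > max_chars}

def demo():
    # Constructed sample: two unrelated tasks served by one agent.
    day = 86400
    mem = AgentMemory(max_entries=3, ttl_s=7 * day)
    mem.add("hr-forms", "employee salary record for form 12", now=0)
    mem.add("hr-forms", "salary memo draft for payroll", now=8 * day)
    mem.add("support", "customer email about salary invoice", now=9 * day)
    kept = mem.prune(now=10 * day)  # the first entry is past the 7-day TTL
    shared = retrieval_state(mem.retrieve("support", "salary email", isolate=False), "support")
    scoped = retrieval_state(mem.retrieve("support", "salary email", isolate=True), "support")
    return kept, shared, scoped
```

Logging `foreign_frac` and `chars` per request over the agent's lifetime gives the continuous metric the third item asks for, instead of a single launch-time reading.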