- Willison says context shouldn’t be free, so it’s essential to offload state.
- Offloading state means you might be constructing a reminiscence retailer (usually a vector retailer, typically a hybrid retailer, typically a relational database with embeddings and metadata).
- That retailer turns into each the agent’s mind and the attacker’s prize.
Most groups are presently bolting reminiscence onto brokers the way in which early internet apps bolted SQL onto varieties: shortly, optimistically, and with roughly the identical stage of enter sanitization (not a lot). That’s the reason I maintain insisting reminiscence is simply one other database downside. Databases have a long time of scar tissue, comparable to least privilege, row-level entry controls, auditing, encryption, retention insurance policies, backup and restore, information provenance, and governance.
Brokers want the identical scar tissue.
Additionally, keep in mind that reminiscence is not only “What did we speak about final time?” It’s id, permissions, workflow state, software traces, and a sturdy document of what the system did and why. As I famous lately, should you can’t replay the reminiscence state to debug why your agent hallucinated, you don’t have a system; you might have a on line casino.
