Developer builds AI memory auditor to verify data deletion under GDPR compliance
A developer built a tool called Lethe during a Cognee hackathon to test whether AI systems can cryptographically prove they have forgotten a user's data after deletion requests. The project was motivated by legal obligations under GDPR Article 17 and India's DPDP Act 2023, both of which grant users a right to erasure, with European regulators making enforcement a priority in 2026. Lethe uses an automated auditor agent that fires 15 standardised probes at an AI memory system before and after deletion, scoring each response as either a data leak or safe. Testing revealed that standard record deletion left residual references to a user embedded in other customers' data within the knowledge graph, producing an incomplete erasure verdict. A full cascade deletion that redacted all cross-references across the graph reduced leaked probes from 15 to zero, generating a verifiable erasure certificate.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in