Opal: Private Memory for Personal AI

TL;DR

Opal is a private memory system for personal AI that enhances data privacy and retrieval accuracy by combining trusted enclaves with oblivious memory access, enabling scalable and secure long-term user data management.

Contribution

It introduces a novel architecture that decouples data-dependent reasoning from personal data, using trusted enclaves and oblivious RAM to improve privacy and efficiency.

Findings

Opal improves retrieval accuracy by 13 percentage points over semantic search.

It achieves 29x higher throughput and 15x lower infrastructure cost than a secure baseline.

Evaluations show Opal effectively manages continuous data ingestion and personal context.

Abstract

Personal AI systems increasingly retain long-term memory of user activity, including documents, emails, messages, meetings, and ambient recordings. Trusted hardware can keep this data private, but struggles to scale with a growing datastore. This pushes the data to external storage, which exposes retrieval access patterns that leak private information to the application provider. Oblivious RAM (ORAM) is a cryptographic primitive that can hide these patterns, but it requires a fixed access budget, precluding the query-dependent traversals that agentic memory systems rely on for accuracy. We present Opal, a private memory system for personal AI. Our key insight is to decouple all data-dependent reasoning from the bulk of personal data, confining it to the trusted enclave. Untrusted disk then sees only fixed, oblivious memory accesses. This enclave-resident component uses a lightweight knowledge graph to capture personal context that semantic search alone misses and handles continuous ingestion by piggybacking reindexing and capacity management on every ORAM access. Evaluated on a comprehensive synthetic personal-data pipeline driven by stochastic communication models, Opal improves retrieval accuracy by 13 percentage points over semantic search and achieves 29x higher throughput with 15x lower infrastructure cost than a secure baseline. Opal is under consideration for deployment to millions of users at a major AI provider.