🤖 AI Summary
This work addresses the privacy risks inherent in existing unified AI memory systems, which, while enhancing cross-agent collaboration efficiency, centralize user data and struggle to balance personalization with data sovereignty. To resolve this tension, the paper proposes a zero-trust AI memory architecture grounded in a five-layer abstraction—storage, extraction, learning, retrieval, and governance—where each layer is fortified with Trusted Execution Environments (TEEs) to unify local-level security with efficient collaboration. Key innovations include the “Context from MemTrust” cross-application sharing protocol, a side-channel-resistant retrieval mechanism that obfuscates access patterns, and end-to-end encryption. The design enables low-cost migration for third-party systems, effectively safeguarding user data sovereignty while maintaining system-wide trustworthiness and improving collaborative performance.
📝 Abstract
AI memory systems are evolving toward unified context layers that enable efficient cross-agent collaboration and multi-tool workflows, facilitating better accumulation of personal data and learning of user preferences. However, centralization creates a trust crisis where users must entrust cloud providers with sensitive digital memory data. We identify a core tension between personalization demands and data sovereignty: centralized memory systems enable efficient cross-agent collaboration but expose users' sensitive data to cloud provider risks, while private deployments provide security but limit collaboration. To resolve this tension, we aim to achieve local-equivalent security while enabling superior maintenance efficiency and collaborative capabilities. We propose a five-layer architecture abstracting common functional components of AI memory systems: Storage, Extraction, Learning, Retrieval, and Governance. By applying TEE protection to each layer, we establish a trustworthy framework. Based on this, we design MemTrust, a hardware-backed zero-trust architecture that provides cryptographic guarantees across all layers. Our contributions include the five-layer abstraction, "Context from MemTrust" protocol for cross-application sharing, side-channel hardened retrieval with obfuscated access patterns, and comprehensive security analysis. The architecture enables third-party developers to port existing systems with acceptable development costs, achieving system-wide trustworthiness. We believe that AI memory plays a crucial role in enhancing the efficiency and collaboration of agents and AI tools. AI memory will become the foundational infrastructure for AI agents, and MemTrust serves as a universal trusted framework for AI memory systems, with the goal of becoming the infrastructure of memory infrastructure.