Google Gemini Enables Seamless Transfer of Chat History and Personal Data from Competing AI Services
What Happened – Google announced that Gemini now includes a “memory import” feature allowing users to pull chat histories, preferences, and personal context from other generative‑AI platforms such as ChatGPT and Claude. The import is performed via a simple prompt that extracts a summary of prior interactions and feeds it into Gemini, instantly personalising the new service.
Why It Matters for TPRM –
- Third‑party AI integrations create a new vector for inadvertent data leakage of proprietary or sensitive information.
- Vendors that adopt Gemini must assess whether imported memories contain regulated data (PII, PHI, financial details) that could violate compliance obligations.
- The feature is limited to personal Google accounts, but the global rollout still expands the attack surface for supply‑chain risk.
Who Is Affected – SaaS AI providers, enterprise customers using AI assistants, and any organization that permits employees to import personal AI data into corporate‑linked Google accounts.
Recommended Actions –
- Review internal policies on cross‑AI data migration and restrict imports to non‑sensitive contexts.
- Conduct a data‑classification audit of any content that could be pulled into Gemini.
- Verify that the “memory import” workflow complies with GDPR, CCPA, and industry‑specific regulations before enabling it for staff.
Technical Notes – The import uses a user‑generated prompt sent to the source AI, which then returns a summarised knowledge blob. No new CVEs are disclosed, but the process relies on the source AI’s export APIs and may expose stored conversation logs to the requesting party. The feature is unavailable for work, school, or supervised Google accounts and is blocked in the UK, Switzerland, and the EEA. Source: ZDNet Security