All Insights

ChatGPT Started Building Psychological Profiles of Your Team Two Days Ago

CivSafe Team·June 6, 2026·7 min read

Two days ago, OpenAI silently changed how ChatGPT remembers things. If you're running a small org and your staff use ChatGPT — through personal accounts, through Teams, through anything — the rules just changed in a way most people haven't noticed yet.

The update is called Dreaming V3. And the thing you need to understand about it is this: it doesn't wait for users to save memories. It watches every conversation and decides on its own what to remember about you.

What Actually Changed

Before June 4, ChatGPT's memory worked like a sticky note. You'd tell it something — "I prefer bullet points" or "I work at a nonprofit focused on housing" — and it would save that. You could see the list, edit it, delete anything you didn't want.

Dreaming V3 threw out the sticky notes. Instead, it runs a background process that reads across all of your conversation history and synthesizes a persistent user model. It updates that model automatically, without prompting. It refines it over time. And it injects what it has learned into the system context of every future conversation you have.

The stated goal is to make ChatGPT more helpful. "It knows you better." That framing is accurate. The part OpenAI didn't lead with is what "knowing you better" actually means at scale.

A February 2026 arXiv analysis looked at 2,050 real ChatGPT memory entries from 80 users. What they found:

  • 96% of memory entries were created unilaterally — not by the user, but by ChatGPT deciding to save something
  • 28% contained GDPR-defined personal data: names, locations, health references, financial details
  • 52% contained psychological insights: stress indicators, values inferences, communication style profiles, emotional patterns

That research came out before Dreaming V3. The manual memory system produced those numbers. The automated background synthesis system almost certainly does more.

The Audit Problem

Here's the part that should concern any compliance-minded person: the new memory summary page shows users a high-level overview of what ChatGPT thinks it knows. It does not show you the full psychological profile. It shows you highlights. The underlying inference model — what ChatGPT has concluded about your personality, decision-making style, stress triggers, relationships — isn't surfaced in full.

The TechTimes headline called it "Limits Audit Trail." That's the accurate read. You can see some of what it knows. You can delete individual visible entries. You cannot audit the complete inferred model.

For most consumer users, this is a minor annoyance. For a 15-person NGO whose staff have spent months discussing clients, funding strategies, internal conflicts, and program outcomes in ChatGPT — it's a different situation.

The Security Angle Nobody Is Talking About

Memory adds a new attack surface that most small orgs are not thinking about.

Here's how it works: if a staff member opens a malicious document in a ChatGPT session — an attached PDF, a summarized webpage, a pasted contract — a crafted prompt inside that document can instruct ChatGPT to write attacker-controlled content to persistent memory. That memory entry then executes in every future conversation that user has.

Security researchers demonstrated this in 2025: a poisoned document triggers memory update → memory entry instructs ChatGPT to forward conversation summaries to a URL → every future session leaks. The user sees nothing unusual. ChatGPT behaves normally. The leak persists until the memory entry is found and deleted.

With Dreaming V3, the memory system is larger and more opaque. The attack surface got bigger on June 4.

Why Small Orgs Are Specifically Exposed

Enterprise customers — organizations on ChatGPT Enterprise or Microsoft Copilot for Microsoft 365 — have contractual data isolation. Their conversations don't train models. Memory is scoped to the organization. They have admin tools to set retention policies.

Personal account users have none of that. And the uncomfortable reality in most small orgs is that employees are using personal ChatGPT accounts for work all day. We've written about shadow AI before. The pattern is universal: IT hasn't issued approved tools, budget hasn't been approved for enterprise licenses, and people are using whatever gets the job done.

Those personal accounts now carry synthesized work histories. Client names, program details, donor conversations, grant strategy, internal tensions — whatever your team has typed into ChatGPT since they created their account is now being fed into a background process that builds an increasingly complete profile.

For NGOs working with vulnerable populations — addiction recovery, domestic violence, mental health, refugee services — the stakes are higher. Staff likely haven't shared clinical information in ChatGPT, but they may have discussed cases at a level of detail that would be uncomfortable if it ended up in a persistent, synthesized memory tied to a personal account that gets compromised.

What to Actually Do

Check what ChatGPT has on your team. Ask every staff member who uses ChatGPT to do this right now: Settings → Personalization → Memory → Manage Memories. What's there? How much is work-related?

Decide whether to disable memory entirely. Settings → Memory has a toggle. With it off, ChatGPT falls back to non-persistent context — no background synthesis, no profile. For most small org use cases, the convenience gain from persistent memory doesn't outweigh the data accumulation risk. Disable it for work use.

Enable Lockdown Mode for anything sensitive. OpenAI added an optional Lockdown Mode that restricts ChatGPT's network access — no live web browsing, no deep research, no agent mode. This blocks the class of prompt injection attacks that write to memory via external content. It's in Settings → Security. Turn it on if staff are pasting documents or summarizing external links.

Get off personal accounts for work use. ChatGPT Teams is $30/user/month. Data doesn't train models. Conversations are isolated to your org. Memory is admin-configurable. If you're a 10-person org spending three hours a day in ChatGPT, the cost is less than what you'd pay to deal with a privacy incident. Make the case to leadership now.

If you're EU-adjacent, do this before August 2. The EU AI Act's Article 50 transparency obligations take effect in two months. Chatbot systems that build persistent user profiles without disclosure are in the crosshairs. If your org works with EU-based partners, funders, or beneficiaries, the question of what your AI tools know about people connected to your work is no longer theoretical.

The Bigger Thing to Notice

OpenAI announced this as a feature improvement. In terms of personalization, it probably is one — ChatGPT genuinely does become more contextually useful when it knows your work style.

But feature improvements for consumer products often land differently in organizational contexts. When a tool builds a detailed psychological and behavioral model of your employees in the background, without asking, and the audit trail for that model is partial at best — that's not just a feature. It's a governance question.

Most small orgs don't have an AI governance policy. Most don't have an approved tools list. Most are operating on vibes and good intentions. That's fine until the thing you were using for convenience becomes the thing you have to explain to a funder, a regulator, or a data subject.

June 4 was a good day to have already thought about this. June 6 is the next best day.


We help small orgs — NGOs, public sector teams, SMBs — get their AI use under control before it becomes a compliance or security problem. Shadow AI audits, policy drafts, tool selection — done in a sprint, not a strategy deck. Reach out if you want help.

CivSafe — Strategic Innovation. Community Impact.