Sign in Subscribe
AI

A persona is a container, not a costume

When most people say 'persona,' they mean a tone setting. I mean a room. Here's the difference, and why it's the whole game.

Sid Smith

8 min read
A persona is a container, not a costume

When I tell someone the next decade of AI hinges on personas, they usually nod politely and say something like, "right, like a system prompt that tells the model how to behave." And then we have ten different conversations because we're using the same word for two different things.

So let me draw the line now. The "persona" I'm building this whole series around is not a tone setting. It is not a costume the model puts on. It is not "act like a friendly assistant." A persona, the way I'm using the word, is a container. A room. With walls.

Inside the container Persona: Work Context what's in scope right now Memory what gets remembered Tools which apps it can reach Identity who it acts as Audit what gets logged Take any one out and the room leaks.
Inside the container: five pieces that have to be scoped together.

If that sounds dry, stick with me. The container framing is what makes everything else in the series (memory, MCP, identity, audit, all of it) actually fit together. Once you start thinking of personas as rooms, every other AI question I've found hard for the last three years gets simpler. Costume thinking gets you wrong-context outputs. Container thinking gets you a system that holds together when it scales.

Costume vs. container

The most common "persona" you see today goes something like this:

You are SunnyBot, a friendly customer service assistant for Acme Co. Be cheerful. Don't talk about competitors.

That's a costume. You put it on the model. The model says some lines. When the session ends, it comes off. The model can still see everything it always could, every tool, every memory, every embedding, every file. It just speaks differently while wearing it. Underneath the cheerful Acme tone. It's the same one-big-bowl AI from last week's piece. The voice changed. The walls didn't.

A container is something else entirely. When the AI is in a container, the room changed. The pile of context the model can see is different. The tools sitting on the table are different. The memories that come back when something jogs them are different. The name on the door (who the AI is acting as) is different. And the camera in the corner (what gets logged, who can audit it) is different too.

A costume is what the AI sounds like. A container is what the AI can reach, remember, and represent. Costume is style. Container is structure.

Once you see that distinction you can't unsee it. Most of the AI products on the market today sell you a costume and call it a persona. That's why so many of them feel impressive in demos and useless three weeks in. The costume doesn't actually fix the wrong-bowl problem. The container does.

What's inside the container

Let me walk through what I mean when I say a persona contains things. There are five pieces, and I think you need all five for the room metaphor to hold up.

Context. What the AI knows about right now, the current conversation, the current task, the current documents in scope. In a costume world. Every prompt has access to every context the system has. In a container world, context is bounded by the persona. My Family persona has the family group chat as context. My Work persona doesn't, and won't, regardless of how I phrase the prompt.

Memory. What the AI remembers across sessions. This is the part most people underestimate. If memory is shared globally and only the prompt changes per persona, the AI is still working from one bowl, it just sounds different while doing it. Memory has to be scoped to the persona, or none of this matters. My Personal persona remembers I prefer aisle seats. My Work persona has no business knowing that. (And if your AI's memory is one global pile today, you already know the awkwardness I'm talking about.)

Tools. Which connectors and apps the AI can call. (This is usually called MCP these days (the protocol that lets AI assistants talk to outside tools) if you want to look it up later.) My Family persona has the family calendar tool. It does not have the production database tool. My Work persona has the production database tool. It does not have the family calendar tool. The room determines which tools are on the table. The model literally cannot pick up a tool that isn't in the current room.

Identity. Who the AI is, when it acts. This is the part of the series I'm most opinionated about. When my Blogging persona replies to a comment, the reply is from my Blogging persona's own email address, not from sid@. That distinction is going to get a whole article next week, because every alternative ends up biting somebody. But it's part of the container: the room has a name on the door, and when the AI acts, it acts in the name of the room.

Audit. What gets logged, for who, and for how long. The room has a camera in the corner. The Family persona's actions are logged separately from the Work persona's. When the auditor (or, more often, future-you in three months trying to figure out what happened) asks "what did the AI do," the answer is room-by-room, not a single chaotic timeline.

Take any one of those five away and the room starts to leak. Take the walls off memory and the work AI starts referencing the personal context. Take the walls off tools and a household-level AI suddenly has reach into work systems. Take the walls off identity and nobody can tell who actually did what. Take the walls off audit and you can't reconstruct anything. The container framing only works because all five are scoped together.

Personal, Work, Family at the top, projects nested inside

The way I lay this out, the top level is the broad shape of your life. For me that's three rooms: Personal, Work, Family. For someone running a side business it might be four: Personal, Day Job, Side Business, Family. For someone running an enterprise it might be many: each functional team gets its own top-level room, sometimes each customer too.

Within each top-level persona, projects nest inside. The Family persona contains the "kid's birthday party" project. The Work persona contains the "Q3 launch" project. Projects are smaller rooms inside the big room. They inherit the walls of the parent, the kid's birthday party can see the family calendar but not the work calendar, because it's inside Family. And they add their own narrower walls, the birthday party doesn't have access to the mortgage docs even though those are also inside Family.

I'll dig deeper into the project nesting later in the series. See Projects: the second axis of persona scope for the longer version.

The thing I want to land here is the shape: top-level personas as rooms, projects as smaller rooms inside. Not flat. Not infinite. Just enough nesting to give scope a natural place to live.

Why the costume framing is still everywhere

If containers are obviously better, why does costume thinking dominate?

Three reasons, I think.

The first is that costumes are easy to ship. A system prompt change is a config edit. A container is an architectural commitment, memory, tools, identity, audit all have to know about the persona too. That's a bigger lift, and the product roadmap of most AI tools doesn't have a slot for "rebuild the foundation."

The second is that costumes demo well. "Watch SunnyBot answer in our brand voice" is a great two-minute demo. "Watch our Family persona refuse to surface a work doc even when asked directly" is a harder demo to construct, and the result looks like nothing happened. The absence of a leak is hard to applaud.

The third is that the word persona already had a meaning in marketing (buyer personas, user personas) that's basically about archetypes and tone. So when AI product teams reached for the word, they imported the marketing framing. That framing was about who the audience sounds like, not about what the system is allowed to see. The word came with the wrong baggage.

I'm trying to take the word back. A persona is a room. The room has walls. The walls are real. That's the thing.

Costume vs. Container Costume AI badge: Friendly / Formal calendar mail db photos files code wallet notes links reach: everything Container Personal Work Family AI jira calendar repo Slack reach: this room only Same model. The voice changes vs. the reach changes.
Same model. The voice changes vs. the reach changes.

What this looks like at three scales

Personal. My Personal persona doesn't know my work calendar. That's the point. On a Saturday, I don't want to be reminded of Monday's next 1:1 while I'm trying to plan something outside of work. I don't want my reading list polluted with article recommendations an employer would want me to read. The walls between Personal and Work aren't a security feature, they're a quality of life feature. When I switch personas, I'm not just changing what the AI sounds like. I'm changing what part of life is in the room.

Small Business. If you run a side business, the business persona keeps client material out of personal search. Your client work is a real container, with its own clients-only memory, its own invoicing tools, its own brand voice (yes, fine, that is a costume, and it lives inside the container, costumes are allowed, they're just not the whole story). When you wake up Saturday morning and ask your AI "what's on for this weekend," you don't want the answer to include "client deliverable due Tuesday" unless you stepped into the Business room first. The Business room knows about Tuesday. The Personal room you wake up into doesn't.

Enterprise. At a real company, this is the difference between SOC 2 scope and not. The Engineering persona has tools that the Marketing persona does not. The Customer Success persona has memory about customers that the Recruiting persona does not. When your auditor asks "how do you enforce least privilege for AI access" (the principle that any account should only have the access it needs, nothing more, if you want to look it up later), the answer cannot be "we tell the model not to look at things." The answer has to be "the AI in this room cannot see those things, because the room walls don't have doors to them." That's a container answer. A costume answer doesn't survive contact with a real auditor.

The one-line test

If you want a one-line test to tell costume thinking from container thinking, here it is:

Does the model's reach change when the persona changes, or just its voice?

If only the voice changes. It's a costume. If the reach (what it can see, remember, call, and represent itself as) also changes. It's a container.

Most AI products today: voice changes. The container ones are still rare. They're going to stop being rare.

What I'd ask first if you're building this

If you're a personal user: look at your AI right now and ask, can it answer a Family question with Work memory? If yes, you're in a costume. Don't fix it today. But notice it.

If you're running a small business: ask whether your "client mode" and your "personal mode" actually have separate memory and separate tool access, or whether you've just trained yourself to phrase prompts differently between them. If you're carrying the wall in your head, you don't have a wall. You have a habit. Habits leak.

If you're at an enterprise: ask your AI platform team to show you the container, not the system prompt. "What can the Marketing persona's AI literally not call?" If the answer is "well, we tell it not to call those things in the prompt," you don't have a container yet. You have a request.

Next Tuesday: the part of this I'm most opinionated about. The room has a name on the door, and that name belongs to the AI, not to me. A persona is a first-class identity. The shared ai-bot@ service account is the anti-pattern. I'll walk through why.

Subscribe to Echoes of the machine

Enter your email
Subscribe