diff --git a/backend/app/api/endpoints/ai_sessions.py b/backend/app/api/endpoints/ai_sessions.py
index 38ca0286..8338ab3f 100644
--- a/backend/app/api/endpoints/ai_sessions.py
+++ b/backend/app/api/endpoints/ai_sessions.py
@@ -762,13 +762,13 @@ async def search_sessions(
     limit: int = Query(5, ge=1, le=20),
 ):
     """Search AI sessions by content using full-text search. Used by Command Palette."""
+    # Sessions are user-scoped. The list endpoint uses user_id only;
+    # search must be consistent. Cross-user access requires explicit
+    # escalation or session sharing — not ambient account membership.
     result = await db.execute(
         select(AISession)
         .where(
-            or_(
-                AISession.user_id == current_user.id,
-                AISession.account_id == current_user.account_id,
-            ),
+            AISession.user_id == current_user.id,
             text("ai_sessions.search_vector @@ plainto_tsquery('english', :q)"),
         )
         .params(q=q)
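Review bot: The tightened `.where(AISession.user_id == current_user.id, ...)` closes the cross-user read on this search path only; the removed `or_(user_id == ..., account_id == ...)` predicate is the kind of pattern that typically also guards the get-by-id, update and delete handlers in this module, and if any of them still accept account membership a same-account user can still read or modify another user's session through that route — none of those are visible in this hunk, so they need checking before this is treated as the full fix. A regression test that creates two users in one account, indexes a session for the first and asserts that a search as the second returns an empty result would pin the new behaviour. The added comment also states that the list endpoint is user_id-only and that session sharing exists; both are claims about code outside this hunk and should be verified against the actual list and sharing handlers before they are committed as documentation. The `:q` bind parameter keeps the `plainto_tsquery` call parameterized, so the user-supplied `q` is not interpolated into the SQL text. `search_sessions` starts before and continues past this hunk.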