Memory governance, privacy & safety

8 systems in the memory governance, privacy & safety category of the AI Agent Infrastructure Landscape, grouped by maturity tier.

Tier 1 — battle-tested (6)

  • Acuvity (now Proofpoint) MCP / Shadow-AI runtime enforcement

    Runtime enforcement targeting memory poisoning, unauthorised execution, identity spoofing per the OWASP LLM threat list. Visibility/control over MCP servers and locally-installed AI tools — the infrastructure layer where memory is most e…

  • Enkrypt AI Three-point RAG / memory pipeline guardrails

    Applies guardrails at three points: (1) before write to vector DB, (2) before query reaches embedding model, (3) before response. Detects malicious instructions in stored memory before retrieval; scans for PII/PHI in/out. Text + image + …

  • HiddenLayer AISec Platform 2.0 Model Genealogy + AIBOM (supply-chain layer)

    Targets the supply-chain / lineage layer rather than runtime memory writes. Model Genealogy tracks training/fine-tuning/modification history — catches poisoning baked in during training. AIBOM generates auditable inventory of model compo…

  • Lakera Guard / Lakera Red Real-time prompt-injection + poisoning screen

    Screens every prompt, response, and retrieved document for indirect prompt injection — primary vector for memory poisoning. Treats memory as untrusted: anything written to or read from memory is adversarial until proven clean. Lakera Red…

  • Mem0 Security / OpenMemory SOC 2 + HIPAA + zero-trust + BYOK

    Commercial Mem0 ships SOC 2 / HIPAA, zero-trust access controls, BYOK encryption, real-time monitoring, audit logs, workspace governance as defaults. OpenMemory is the local self-hosted variant (Docker + FastAPI + Postgres + Qdrant) for …

  • Zep — governance posture Bi-temporal KG = structural provenance

    Bi-temporal knowledge graph preserves full lineage of every stored fact — every memory write traceable and auditable by graph schema, not bolted-on logging. SOC 2 Type II; HIPAA BAA available; BYOK + VPC-isolated deployment for data resi…

Tier 2 — production-ready (1)

  • Microsoft Agent Governance Toolkit Cross-Model Verification Kernel + Agent OS

    Cross-Model Verification Kernel (CMVK) requires majority-voting agreement across multiple model calls before a memory-influenced action. Agent OS package intercepts every action (memory included) at sub-millisecond latency. MIT licensed.

Tier 3 — emerging (1)

  • OWASP Agent Memory Guard Declarative YAML policies + SHA-256 baselines

    Open-source runtime defense. Enforces YAML policies on every memory read/write. SHA-256 baselines detect tampering, injection, sensitive-data leakage, protected-key modification, rapid-change anomalies. Forensic snapshots + rollback. Ref…