Zep — governance posture

https://www.getzep.com/product/agent-memory/

Bi-temporal knowledge graph preserves full lineage of every stored fact — every memory write traceable and auditable by graph schema, not bolted-on logging. SOC 2 Type II; HIPAA BAA available; BYOK + VPC-isolated deployment for data residency.

At a glance

Type
Bi-temporal KG = structural provenance
Tier
T1
Created
2023 (Zep AI founded 2023; YC W24; bi-temporal governance posture described in product from 2024)
Latest release
not applicable — not OSS
License
not applicable — not OSS
GitHub
not applicable — no GitHub repo
Pricing
free: 2500 messages/mo; paid: $1.25/1000 messages; Enterprise: custom HIPAA BAA VPC
Funding
$500K pre-seed (YC W24 March 2024); total ~$3.5M

Taxonomy

storage
graph
retrieval
graph-traversal
persistence
long-term
update
append-only
unit
fact
governance
auditable
conflict
bi-temporal

When to use

Optimised for: governance + compliance + audit + adversarial hardening

Anti-fit: not for hobbyist / non-production use cases

Pros & cons

Pros

Bi-temporal graph IS the governance story — every memory write traceable by graph schema, not bolted-on logging; SOC 2 Type II + HIPAA + BYOK.

Cons

Governance is a property of Zep's architecture, not a separate product — you don't get the governance without adopting Zep itself.

Claims & capabilities

Provenance is structural. Threat model: exfiltration, HIPAA/SOC 2 compliance, audit trail gaps, explainability failures.

Technical surface

API surface
REST (typical SaaS REST + first-party SDK pattern; see vendor docs for language coverage)
Backend storage
Postgres + Neo4j
Deployment
SaaS cloud; self-hosted (Graphiti OSS); Enterprise: BYOC VPC
Embedding model
multiple supported
Multi-tenancy
namespace
MCP
native (first-party) — Graphiti MCP
A2A
no data — searched getzep.com/product/agent-memory, help.getzep.com, docs.getzep.com; A2A protocol not advertised
OpenTelemetry
no data — searched getzep.com/product/agent-memory, help.getzep.com, docs.getzep.com; OpenTelemetry export not advertised

Similar systems

Other memory governance, privacy & safety in the catalog, ranked by inbound references.

  • Acuvity (now Proofpoint) T1

    Runtime enforcement targeting memory poisoning, unauthorised execution, identity spoofing per the OWASP LLM threat list. Visibility/control over MCP servers and locally-installed AI tools — the infrastructure layer where memory is most exposed.

  • Enkrypt AI T1

    Applies guardrails at three points: (1) before write to vector DB, (2) before query reaches embedding model, (3) before response. Detects malicious instructions in stored memory before retrieval; scans for PII/PHI in/out. Text + image + voice modalities.

  • HiddenLayer AISec Platform 2.0 T1

    Targets the supply-chain / lineage layer rather than runtime memory writes. Model Genealogy tracks training/fine-tuning/modification history — catches poisoning baked in during training. AIBOM generates auditable inventory of model components + datasets. Runtime layer also monitors agentic workflows.

  • Lakera Guard / Lakera Red T1

    Screens every prompt, response, and retrieved document for indirect prompt injection — primary vector for memory poisoning. Treats memory as untrusted: anything written to or read from memory is adversarial until proven clean. Lakera Red provides "Agent Breaker" gamified red-teaming.

  • Mem0 Security / OpenMemory T1

    Commercial Mem0 ships SOC 2 / HIPAA, zero-trust access controls, BYOK encryption, real-time monitoring, audit logs, workspace governance as defaults. OpenMemory is the local self-hosted variant (Docker + FastAPI + Postgres + Qdrant) for privacy-first deployments.

  • Microsoft Agent Governance Toolkit T2

    Cross-Model Verification Kernel (CMVK) requires majority-voting agreement across multiple model calls before a memory-influenced action. Agent OS package intercepts every action (memory included) at sub-millisecond latency. MIT licensed.

Related systems

References (1)

  • Neo4j depends on at runtime — backend-storage cell: Postgres + Neo4j

Row last verified 2026-05-14. Catalog data is CC-BY-4.0 — see how to read this.