Trust Center

How Mnemom earns the trust we're asking you to give.

Every claim on the marketing site maps to a code path, a doc page, and a test. This page is the entry point for the audit-grade surface: architecture, disclosure, attestations, and SBOMs. Everything live, dated, and replaceable.

Architecture

The four checkpoints, in one diagram.

Mnemom is a trust plane around your agent fleet. Every request crosses four checkpoints — front door, inside.autonomy (AIP), inside.integrity (AAP), back door — and every verdict is signed.

Front door

Inbound message screening: every prompt and tool result reaching your agent is evaluated for prompt injection, social engineering, indirect injection, and tool-call coercion. Each verdict is Ed25519-signed.

Inside · autonomy · AIP

Agent Integrity Protocol evaluates the agent's thinking against its Alignment Card on every turn. Drift, value misalignment, and boundary violations surface in the signed decision trace.

Inside · integrity · AAP

Agent Alignment Protocol records AP-Traces post-hoc and verifies behavioral consistency against the card. The audit chain links AIP checkpoints to AAP traces by `linked_trace_id`.

Back door

Outbound response screening — every agent reply is evaluated against PII, secrets, alignment-card violations, and regulated-advice patterns before it leaves your perimeter. An unredacted leak cannot produce a valid signed certificate.

Conscience Architecture Card (CAC)

Every Mnemom deployment binds to a signed CAC declaring which checkpoints are active in which mode (off / observe / nudge / enforce / enforce_sync). The CAC is published per tenant and is part of the verifiable trust posture.

Version policy

AAP + AIP version policy and protocol RFC process.

Both protocols use semantic versioning. Breaking changes go through a public RFC process before landing in a release. Minor versions add fields with default values; major versions may change the wire format and come with a deprecation runway.

  • Minor version (1.X.0): additive — new fields, new enum values, new optional concern categories. Backward-compatible.
  • Patch version (1.0.X): bug fixes, doc updates. No schema changes.
  • Major version (X.0.0): wire-format change. Goes through a public RFC at github.com/mnemom/aap/discussions or aip/discussions. Minimum 90-day comment window before a v2 RC.
  • Deprecations: minimum 180 days from announcement to removal. Verdicts emitted under a deprecated version remain verifiable indefinitely.

Currently published versions

  • npm: @mnemom/agent-alignment-protocol
  • npm: @mnemom/agent-integrity-protocol
  • npm: @mnemom/aip-verifier
  • PyPI: agent-alignment-protocol
  • PyPI: agent-integrity-proto

Threat model

What Mnemom is designed to prevent — and what it isn't.

Public threat-model summary. The full document lives in the safe-house-hardening repo and is reviewed quarterly. T8 will publish the long-form version here.

In scope (prevented by design)

  • Boundary violations — actions outside the agent's declared Alignment Card.
  • Prompt injection + indirect injection — adversarial inbound content.
  • Outbound data leakage — PII, secrets, alignment-card violations.
  • Behavioral drift — gradual deviation from the agent's baseline.
  • Verdict fabrication — the proof layer detects tampered or fabricated verdicts.
  • Cross-tenant data leakage — strict tenant boundaries on prompts, traces, alignment cards.

Out of scope (honest disclosure)

  • LLM inference correctness — we prove the auditor's judgment, not the model's output.
  • Sophisticated steganographic reasoning — agents that reason invisibly evade thinking-block analysis.
  • Compromise of the underlying LLM provider's infrastructure.
  • Physical / supply-chain attacks against the customer's deployment.
  • Denial-of-service against Mnemom infrastructure (mitigated, not eliminated).

Responsible disclosure

Report a vulnerability — 90-day SLA.

Coordinated disclosure protects everyone. We acknowledge fast, fix in public, and credit the reporter.

  1. Acknowledge within 3 business days.
  2. Confirm reproduction within 14 days.
  3. Fix or mitigation within 90 days of acknowledgment.
  4. Public disclosure: 90 days from acknowledgment, or sooner if the fix ships and customers are protected.

PGP key available at mnemom.ai/.well-known/pgp-key.txt (when published)

Bug bounty

Good-faith disclosure program (formal bounty in scoping).

A formal bug bounty program is in scoping. Until launch, we run a private good-faith disclosure process. Eligible reports get recognition in the hall of fame and may receive monetary recognition at our discretion.

In scope

  • Gateway (gateway.mnemom.ai) — request signing, front-door inbound screening, attestation pipeline.
  • Observer + post-hoc analysis (api.mnemom.ai/v1/analyze) — verdict derivation, back-door outbound screening.
  • Control plane (api.mnemom.ai) — auth, billing, containment, audit logs.
  • SDKs (@mnemom/agent-alignment-protocol, @mnemom/agent-integrity-protocol) — verification logic, ZK proof verification.
  • On-chain contracts (MnemoReputationRegistry, MnemoMerkleAnchor on Base L2).
  • Marketing surfaces (mnemom.ai, app.mnemom.ai) — authentication, session management, RBAC.

Out of scope

  • Rate-limiting and denial-of-service (mitigated by Cloudflare; not a bounty target).
  • Social engineering against employees.
  • Physical attacks against infrastructure.
  • Third-party services we depend on (Cloudflare, Supabase, Stripe, Resend, Anthropic, OpenAI). Report directly to the vendor.
  • Reports requiring access to a victim's email, device, or social account.

The hall of fame is empty for now; reporters will be listed here with consent.

Compliance

Attestations and posture.

Current compliance posture. We publish posture changes as they happen — readiness is not attestation.

SOC 2 Type II

Readiness in progress

Audit in scoping. Will publish the report URL on completion.

EU AI Act

Articles 10, 12, Annex IV ready

Enforcement for high-risk AI begins 2026-08-02. AEGIS produces the audit chain (Article 12), governance event records (Article 10), and technical documentation (Annex IV) the Act requires. The full mapping is in the EU AI Act section below.

HIPAA

HIPAA-compatible flows

DLP detectors for PHI patterns. BAA available on Enterprise. Not a covered entity ourselves.

ISO 42001

Mapping published

AI management system mapping under review. Certification path TBD.

NIST AI RMF 1.0

Aligned

GOVERN + MAP function mappings published in safe-house-hardening.

AEGIS Network Status

Seven SLOs for the cross-tenant defensive network.

AEGIS — the cross-tenant security network that wraps Safe House — carries its own published SLOs. Targets are defined; first measurements publish 30 days post-GA. The full table, source code, and historical data live at /trust/slos.

Managed Rule propagation

P95 ≤ 30s

From signed promotion to gateway-loaded, through two independent signed delivery paths.

Measurement pending

Rule-set freshness

P99 ≤ 5 min

Under normal operation, across the gateway fleet.

Measurement pending

Staleness alert

P0 at 24h

On-call paged when any gateway's recipe set is 24 hours stale.

Measurement pending

Failover availability

99.99%

Gateway successfully loads a verified rule set across multiple independent read tiers.

Measurement pending

Signature verification

≥ 99.99%

Signature failure triggers P0 and R2 fallback with an independent signing chain.

Measurement pending

Recipe false-positive rate

Rolling 7-day FP per recipe

Auto-rollback when a recipe's FP ratio crosses the per-tier threshold (CLPI Phase 2).

Measurement pending

Mutation-phase gate

Sustained detection threshold

Entry and exit gated on the per-bucket arena detection rate, bucketed per (substrate × vertical × pattern × source).

Measurement pending

First 30-day measurement window publishes 30 days post-GA. We do not pre-announce numbers we cannot defend. SLO source code, measurement queries, and historical data publish at /trust/slos/history once the window closes.

EU AI Act

Articles 10, 12, and Annex IV — what AEGIS provides.

EU AI Act enforcement for high-risk AI systems begins 2026-08-02. Three provisions are load-bearing for any agent infrastructure: data governance (Article 10), record-keeping (Article 12), and technical documentation (Annex IV). AEGIS produces the verifiable evidence each requires. Compliance is jointly your responsibility and ours; the table below names what we provide.

Article 10

Data governance for high-risk AI

Append-only governance event chain — every recipe promotion, retirement, mode change, and reviewer action is Ed25519-signed and chained. Writer-identity stamping isolates arena, customer, and operator signal sources at the schema level.

Article 12

Record-keeping and traceability

Signed audit chain across the lifecycle — promotion signature, KV envelope signature, R2 envelope signature on independent keys, per-gateway evaluation rows stamped with substrate fingerprint and writer identity. Records are queryable, replayable, and tamper-evident.

Annex IV

Technical documentation

Public advisory CMS at /trust/advisories with signed post-incident write-ups, machine-readable IoC feed at /v1/trust/iocs (STIX 2.1), and published SLOs at /trust/slos. The technical documentation auditors look for is the same documentation customers and agents read.

Not legal advice. This page names the evidence AEGIS produces; obligations under the Act remain the deployer's. EU AI Act references: Articles 10, 12, and Annex IV. Enforcement of high-risk obligations begins 2026-08-02.

Reliability

Service-level objectives.

The targets Mnemom commits to publicly are the same targets the validation harness asserts in CI. Live current state is on status.mnemom.ai; the commitments and rationale are documented here.

Supply chain

SBOM publishing per release.

Every gateway worker release and every SDK version ships with a CycloneDX SBOM. Per-release SBOMs are linked from the release page on GitHub.

  • Gateway SBOMs · github.com/mnemom/mnemom-platform/releases
  • AAP SBOMs · github.com/mnemom/aap/releases
  • AIP SBOMs · github.com/mnemom/aip/releases

SBOMs are CycloneDX 1.5 JSON. We commit to publishing per release; we do not commit to embedding the SBOM in a TUF or in-toto attestation today (under consideration).

Last updated 2026-05-23. This page evolves alongside the safe-house-hardening track.

Audited quarterly · next refresh July 2026
