> **Agent?** Fastest path: MCP at `https://api.mnemom.ai/mcp` — call `get_started` first (zero-auth, no args). Full agent guide: <https://www.mnemom.ai/agents.txt>

# Trust Center

```json
{"@context":"https://schema.org","@type":"WebPage","name":"Trust Center \u2014 Mnemom","description":"Mnemom's security architecture, version policy, responsible disclosure SLA, bug bounty scope, compliance attestations, and SBOM publishing. The trust surface for regulators, auditors, and security researchers.","url":"https://trust.mnemom.ai/","inLanguage":"en-US","dateModified":"2026-06-13","publisher":{"@type":"Organization","@id":"https://www.mnemom.ai#organization","name":"Mnemom","url":"https://www.mnemom.ai"}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.mnemom.ai/"},{"@type":"ListItem","position":2,"name":"Trust Center","item":"https://trust.mnemom.ai/"}]}
```


# How Mnemom earns the trust we're asking you to give.

Every claim on the marketing site maps to a code path, a doc page, and a test. This page is the entry point for the audit-grade surface: architecture, disclosure, attestations, and SBOMs. Everything live, dated, and replaceable.

[security.txt](/.well-known/security.txt) · [Report a vulnerability](#disclosure)

Architecture

## The four checkpoints, in one diagram.

Mnemom is a trust plane around your agent fleet. Every request crosses four checkpoints — front door, inside.autonomy (AIP), inside.integrity (AAP), back door — and every verdict is signed.

### Front door

Inbound message screening — every prompt and tool result reaching your agent is evaluated for prompt injection, social engineering, indirect injection, and tool-call coercion. Verdict signed Ed25519.

### Inside · autonomy · AIP

Agent Integrity Protocol evaluates the agent's thinking against its Alignment Card on every turn. Drift, value misalignment, and boundary violations surface in the signed decision trace.

### Inside · integrity · AAP

Agent Alignment Protocol records AP-Traces post-hoc and verifies behavioral consistency against the card. The audit chain links AIP checkpoints to AAP traces by `linked_trace_id`.

### Back door

Outbound response screening — every agent reply is evaluated against PII, secrets, alignment-card violations, and regulated-advice patterns before it leaves your perimeter. An unredacted leak cannot produce a valid signed certificate.

### Conscience Architecture Card (CAC)

Every Mnemom deployment binds to a signed CAC declaring which checkpoints are active in which mode (off / observe / nudge / enforce / enforce_sync). The CAC is published per tenant and is part of the verifiable trust posture.

Version policy

## AAP + AIP version policy and protocol RFC process.

Both protocols are versioned semver. Breaking changes go through a public RFC process before landing in a release. Minor versions add fields with default values; major versions can change wire format with a deprecation runway.

-   Minor version (1.X.0): additive — new fields, new enum values, new optional concern categories. Backward-compatible.
-   Patch version (1.0.X): bug fixes, doc updates. No schema changes.
-   Major version (X.0.0): wire-format change. Goes through a public RFC at github.com/mnemom/aap/discussions or aip/discussions. Minimum 90-day comment window before a v2 RC.
-   Deprecations: minimum 180 days from announcement to removal. Verdicts emitted under a deprecated version remain verifiable indefinitely.

Currently published versions

-   npm: @mnemom/agent-alignment-protocol
-   npm: @mnemom/agent-integrity-protocol
-   npm: @mnemom/aip-verifier
-   PyPI: agent-alignment-protocol
-   PyPI: agent-integrity-proto

[Open an RFC](https://github.com/mnemom/aap/discussions)

Threat model

## What Mnemom is designed to prevent — and what it isn't.

Public threat-model summary. The full document lives in the safe-house-hardening repo and is reviewed quarterly. T8 will publish the long-form version here.

### In scope (prevented by design)

-   Boundary violations — actions outside the agent's declared Alignment Card.
-   Prompt injection + indirect injection — adversarial inbound content.
-   Outbound data leakage — PII, secrets, alignment-card violations.
-   Behavioral drift — gradual deviation from the agent's baseline.
-   Verdict fabrication — the proof layer detects tampered or fabricated verdicts.
-   Cross-tenant data leakage — strict tenant boundaries on prompts, traces, alignment cards.

### Out of scope (honest disclosure)

-   LLM inference correctness — we prove the auditor's judgment, not the model's output.
-   Sophisticated steganographic reasoning — agents that reason invisibly evade thinking-block analysis.
-   Compromise of the underlying LLM provider's infrastructure.
-   Physical / supply-chain attacks against the customer's deployment.
-   Denial-of-service against Mnemom infrastructure (mitigated, not eliminated).

Responsible disclosure

## Report a vulnerability — 90-day SLA.

Coordinated disclosure protects everyone. We acknowledge fast, fix in public, and credit the reporter.

1.  Acknowledge within 3 business days.
2.  Confirm reproduction within 14 days.
3.  Fix or mitigation within 90 days of acknowledgment.
4.  Public disclosure: 90 days from acknowledgment, or sooner if the fix ships and customers are protected.

[security@mnemom.ai](mailto:security@mnemom.ai) · [Read security.txt](/.well-known/security.txt)

PGP key available at mnemom.ai/.well-known/pgp-key.txt (when published)

Bug bounty

## Good-faith disclosure program (formal bounty in scoping).

A formal bug bounty program is in scoping. Until launch, we run a private good-faith disclosure process. Eligible reports get recognition in the hall of fame and may receive monetary recognition at our discretion.

### In scope

-   Gateway (gateway.mnemom.ai) — request signing, front-door inbound screening, attestation pipeline.
-   Observer + post-hoc analysis (api.mnemom.ai/v1/analyze) — verdict derivation, back-door outbound screening.
-   Control plane (api.mnemom.ai) — auth, billing, containment, audit logs.
-   SDKs (@mnemom/agent-alignment-protocol, @mnemom/agent-integrity-protocol) — verification logic, ZK proof verification.
-   On-chain contracts (MnemoReputationRegistry, MnemoMerkleAnchor on Base L2).
-   Marketing surfaces (mnemom.ai, app.mnemom.ai) — authentication, session management, RBAC.

### Out of scope

-   Rate-limiting and denial-of-service (mitigated by Cloudflare; not a bounty target).
-   Social engineering against employees.
-   Physical attacks against infrastructure.
-   Third-party services we depend on (Cloudflare, Supabase, Stripe, Resend, Anthropic, OpenAI). Report directly to the vendor.
-   Reports requiring access to a victim's email, device, or social account.

Hall of fame — empty for now; reporters will be listed here with consent.

Compliance

## Attestations and posture.

Current compliance posture. We publish posture changes as they happen — readiness is not attestation.

### SOC 2 Type II

Readiness in progress

Audit in scoping. Will publish the report URL on completion.

### EU AI Act

Articles 10, 12, Annex IV ready

Enforcement for high-risk AI begins 2026-08-02. AEGIS produces the audit chain (Article 12), governance event records (Article 10), and technical documentation (Annex IV) the Act requires. The full mapping is in the EU AI Act section below.

### HIPAA

HIPAA-compatible flows

DLP detectors for PHI patterns. BAA available on Enterprise. Not a covered entity ourselves.

### ISO 42001

Mapping published

AI management system mapping under review. Certification path TBD.

### NIST AI RMF 1.0

Aligned

GOVERN + MAP function mappings published in safe-house-hardening.

AEGIS Network Status

## Seven SLOs for the cross-tenant defensive network.

AEGIS — the cross-tenant security network that wraps Safe House — carries its own published SLOs. Targets are defined; first measurements publish 30 days post-GA. The full table, source code, and historical data live at /trust/slos.

### Managed Rule propagation

P95 ≤ 30s

Signed promotion to gateway-loaded, through two independent signed delivery paths.

Measurement pending

### Rule-set freshness

P99 ≤ 5 min

Under normal operation, across the gateway fleet.

Measurement pending

### Staleness alert

P0 at 24h

On-call paged when any gateway's recipe set is 24 hours stale.

Measurement pending

### Failover availability

99.99%

Gateway successfully loads a verified rule set across multiple independent read tiers.

Measurement pending

### Signature verification

≥ 99.99%

Signature failure triggers P0 and R2 fallback with an independent signing chain.

Measurement pending

### Recipe false-positive rate

Rolling 7-day FP per recipe

Auto-rollback when a recipe's FP ratio crosses the per-tier threshold (CLPI Phase 2).

Measurement pending

### Mutation-phase gate

Sustained detection threshold

Per-bucket arena detection rate entry/exit. Per (substrate × vertical × pattern × source).

Measurement pending


First 30-day measurement window publishes 30 days post-GA. We do not pre-announce numbers we cannot defend. SLO source code, measurement queries, and historical data publish at /trust/slos/history once the window closes.

[Full SLO table](/trust/slos) · [Advisories](/trust/advisories) · [IoC feed (STIX 2.1)](/trust/iocs)

EU AI Act

## Articles 10, 12, and Annex IV — what AEGIS provides.

EU AI Act enforcement for high-risk AI systems begins 2026-08-02. Three provisions are load-bearing for any agent infrastructure: data governance (Article 10), record-keeping (Article 12), and technical documentation (Annex IV). AEGIS produces the verifiable evidence each requires. Compliance is jointly your responsibility and ours; the table below names what we provide.

Article 10

### Data governance for high-risk AI

Append-only governance event chain — every recipe promotion, retirement, mode change, and reviewer action is Ed25519-signed and chained. Writer-identity stamping isolates arena, customer, and operator signal sources at the schema level.

Article 12

### Record-keeping and traceability

Signed audit chain across the lifecycle — promotion signature, KV envelope signature, R2 envelope signature on independent keys, per-gateway evaluation rows stamped with substrate fingerprint and writer identity. Records are queryable, replayable, and tamper-evident.

Annex IV

### Technical documentation

Public advisory CMS at /trust/advisories with signed post-incident write-ups, machine-readable IoC feed at /v1/trust/iocs (STIX 2.1), and published SLOs at /trust/slos. The technical documentation auditors look for is the same documentation customers and agents read.

Not legal advice. This page names the evidence AEGIS produces; obligations under the Act remain the deployer's. EU AI Act references: Articles 10, 12, and Annex IV. Enforcement of high-risk obligations begins 2026-08-02.

Reliability

## Service-level objectives.

The targets Mnemom commits to publicly are the same targets the validation harness asserts in CI. Live current state is on status.mnemom.ai; the commitments and rationale are documented here.

[Read the SLO commitments](/trust/slos) · [Live status](https://status.mnemom.ai)

Supply chain

## SBOM publishing per release.

Every gateway worker release and every SDK version ships with a CycloneDX SBOM. Per-release SBOMs are linked from the release page on GitHub.

-   Gateway SBOMs · github.com/mnemom/mnemom-platform/releases
-   AAP SBOMs · github.com/mnemom/aap/releases
-   AIP SBOMs · github.com/mnemom/aip/releases

SBOMs are CycloneDX 1.5 JSON. We commit to publishing per release; we do not commit to embedding the SBOM in a TUF or in-toto attestation today (under consideration).

Last updated 2026-05-23. This page evolves alongside the safe-house-hardening track.

Audited quarterly · next refresh July 2026

[Marketing claim inventory →](/research)

---
_Source: /trust/index.html · Generated by build-markdown-mirrors.mjs · For agent-readability commitment #4 see https://www.mnemom.ai/for-agents/_
