MemLineage: Cryptographic Defense for LLM Agent Memory
MemLineage is a defense for the memory of LLM agents that attaches cryptographic provenance and derivation lineage to every memory entry. It addresses untrusted content that is written into persistent agent state and may resurface in future sessions as directives. Rather than filtering such content, MemLineage treats the problem as one of chain of custody. The architecture consists of six modules built around an RFC-6962 Merkle log whose entries carry per-principal Ed25519 signatures. A weighted derivation DAG records which retrieved entries influenced each new memory, and a max-of-strong-edges propagation rule guarantees that Untrusted-Path Persistence holds for any chain whose attribution edges are above a certain threshold. The sensitive-action gate refuses any dispatch whose justification comes from external sources.
Key facts
- MemLineage attaches cryptographic provenance and LLM-mediated derivation lineage to every memory entry.
- It addresses untrusted content written into persistent agent state.
- The system uses a six-module design around an RFC-6962 Merkle log.
- Entries are signed with per-principal Ed25519 signatures.
- A weighted derivation DAG records which retrieved entries influenced each new memory.
- A max-of-strong-edges propagation rule ensures Untrusted-Path Persistence.
- The sensitive-action gate refuses dispatches with external justification.
- MemLineage treats the problem as chain-of-custody rather than filtering.
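The lineage rule and gate described above, as an added Python sketch that is not MemLineage's own code. The threshold `TAU`, the entry layout, the binary untrusted label and all function names are assumptions made for illustration; only the Merkle tree hash follows RFC 6962 directly, and the per-principal Ed25519 signatures are omitted.

```python
import hashlib

TAU = 0.5  # assumed attribution threshold for a "strong" edge

def mth(leaves):
    """RFC 6962 Merkle Tree Hash over a list of byte strings."""
    n = len(leaves)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return hashlib.sha256(b"\x00" + leaves[0]).digest()
    k = 1
    while k * 2 < n:  # largest power of two strictly less than n
        k *= 2
    return hashlib.sha256(b"\x01" + mth(leaves[:k]) + mth(leaves[k:])).digest()

# Constructed sample memory: id -> (origin, content, {parent id: attribution weight})
MEMORY = {
    "m1": ("user", "prefers weekly summaries", {}),
    "m2": ("external", "web page text with an embedded instruction", {}),
    "m3": ("agent", "summary of browsing session", {"m1": 0.2, "m2": 0.9}),
    "m4": ("agent", "todo derived from the summary", {"m3": 0.8}),
    "m5": ("agent", "note on report format", {"m1": 0.9, "m2": 0.1}),
}

def untrusted(entry_id, memory=MEMORY, tau=TAU):
    """1.0 if external content reaches entry_id over strong edges only, else 0.0."""
    origin, _, parents = memory[entry_id]
    own = 1.0 if origin == "external" else 0.0
    strong = [untrusted(p, memory, tau) for p, w in parents.items() if w >= tau]
    return max([own] + strong)  # max over own label and strong-edge parents

def gate(action, justification_ids, memory=MEMORY):
    """Refuse a sensitive dispatch if any justifying entry has untrusted lineage."""
    tainted = sorted(i for i in justification_ids if untrusted(i, memory) > 0)
    return ("refuse", tainted) if tainted else ("allow", [])

def log_root(memory=MEMORY):
    """Merkle root over entries in insertion order, lineage edges included."""
    leaves = [f"{i}|{o}|{c}|{sorted(p.items())}".encode()
              for i, (o, c, p) in memory.items()]
    return mth(leaves).hex()
```

In this constructed data, `m4` inherits the untrusted label through two strong edges, while `m5` does not because its only edge to `m2` is below the threshold.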