SShortSingh.
Back to feed

memlineage v0.1.0 offers two-layer defense against memory poisoning in LLM agents

0
·4 views

Developers have released memlineage v0.1.0, a Python library designed to protect AI agents with persistent memory from adversarial memory poisoning attacks that operate through normal interaction channels. The tool combines cryptographic provenance using Ed25519 signatures with behavioral detection based on tool-call trajectory analysis, addressing weaknesses that recent academic research identified in content-filter and trust-score-based defenses. Each stored memory is signed at write time and tied to a verified principal, while a derivation graph enforces that any memory traceable to an untrusted source can never be laundered to a trusted tier. A SensitiveActionGate blocks irreversible actions whose justification traces back to an untrusted ancestor, achieving an attack success rate of 0.000 against Layer A and an AUC of 0.978 with attacker camouflage on Layer B. The release was verified by an independent auditor who ran custom adversarial tests, with the behavioral detection layer currently set to alert-only mode pending false-positive rate measurement.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

Apidog CLI lets AI agents update API specs safely with branch isolation

Manually editing API specifications is error-prone, so developers are turning to AI agents to automate tasks like renaming fields, adding enum values, or making parameters required. The Apidog CLI provides guardrails for this process, including local validation, isolated AI branches, and human-reviewed merges before changes go live. A key technical constraint is that Apidog's update commands replace entire objects rather than merging arrays or properties, meaning agents must always fetch the full resource, modify it locally, validate it, then rewrite it completely. To prevent unintended changes to production contracts, the recommended workflow involves creating a dedicated AI branch from the main branch before any modifications are made. Resources must also be explicitly imported into the AI branch using a pick-to command, since AI branches start empty and do not automatically clone content from the source branch.

0
ProgrammingDEV Community ·

Study Shows Agentic AI Workflows Should Evolve Into Deterministic Code Over Time

A paper titled 'Progressive Crystallization' proposes a lifecycle model for AI agentic workflows, arguing that repeated tasks should gradually shift from autonomous agent execution to deterministic, codified workflows. In a real-world cloud-network operations system, this approach increased deterministic executions from 0% to 45% over eight months while cutting per-incident agent costs by over 70%. The framework defines three execution types: agent-orchestrated, hybrid, and fully deterministic, with maturity meaning less reliance on runtime AI inference for known problems. A companion paper, 'Compiled AI', supports this direction by showing a 96% task completion rate using zero execution tokens after an LLM generates and validates a reusable artifact upfront. Together, the research argues that treating agentic workflows as fixed architectures is inefficient, and that enterprise teams benefit most by reserving AI autonomy for novel, unseen problems.

0
ProgrammingDEV Community ·

Developer Uses FROST Family Governance Model to Build AI-Powered Learning Community

A developer known as Shentong Shuo published a technical article on July 15, 2026, describing how they applied the FROST multi-agent governance framework to automate student support for a solo-run training bootcamp. The bootcamp, called 'Breaking Through: Dynamic Capability Growth Camp,' faced operational strain as repetitive student queries consumed significant daily effort across 15 learners. Using FROST's hierarchical model — which maps AI agent roles to family archetypes such as Ancestor, Scout, Soldier, and Elder — the developer designed a system where AI handles roughly 80% of routine questions automatically. Only complex issues involving complaints, refunds, or privacy are escalated to a human instructor. The article includes working Python code demonstrating how each agent role handles classification, response generation, and human escalation within the learning community pipeline.

0
ProgrammingDEV Community ·

Graph-Anchor Pyramid (GAP) Framework Aims to Fix LLM Multi-Hop Retrieval Gaps

A developer published a follow-up to their Pyramid Aggregator architecture after a reader identified a critical flaw: the system assumed all relevant documents were already retrieved, leaving root-cause documents unconnected to symptoms by semantic similarity alone. In real-world environments like SRE and cybersecurity, root causes and visible symptoms are often separated by layers of system logic, meaning standard vector search can miss causally linked but semantically distant documents. To address this, the team developed GAP (Graph-Anchor Pyramid), which combines Graph-RAG, Topology-Aware Leaf Grouping, and Prompt-Level Semantic Anchoring into a single framework. The approach is designed to recover complete causal chains in multi-document synthesis tasks without the lossy compression introduced by intermediate natural language summaries. The framework has been validated across two generations of Google's Gemini models, according to the author.