PROVENANCE + SEALED EGRESS // 2026

Trust your AI's memory. Verify it.

Memsom is a memory that refuses to repeat anything it can't prove. Secure Fetch lets it read the internet without the internet reaching back into your network.

Read the thesis Request early access
Status
Operational
Poisoning Tests
96
Lies Passed
00
Egress
Sealed
Scroll

The problem // ASI06 + CWE-918

AI memory believes whatever it's told.

Memory poisoning

AI assistants have memory now, but memory believes whatever it is told. Slip a false "fact" into it through a webpage, an email, or a sketchy document, and the AI later repeats that lie as gospel. You would never know where it came from.

OWASP ASI06 // 2026

Server-side request forgery

To be useful, an AI often has to read a webpage for you. The moment you let it fetch a URL, you have handed it a loaded gun. A malicious link makes it reach back into your private network: your router, your files, your internal systems.

CWE-918 // SSRF

Memsom // Provenance Memory

A memory that can't be lied to.

A courtroom for facts. Everything the AI knows arrives with a receipt: who said it, and how much you should trust them. What you tell it directly is a trusted witness. What it read off a random page is an unverified stranger. Trust is assigned by the channel a fact came through, never by how confident the fact sounds.

The rule that holds it together: when facts combine, the conclusion is only as trusted as its least trusted ingredient. One stranger in the mix and the whole conclusion is stamped unverified. A lie can't launder itself into a truth by sitting next to real facts. That is the difference between gossip and journalism. Memsom forces a citation, or it tells you it can't.

Poisoning attacks
96
Lies passed
00
Per memory
$0
Added latency
0ms

The trust ramp

Endorsed Booking confirmed.
User Flight is at 9am.
External Gate B12, per a web page.
min( )
Conclusion External
Be at Gate B12 by 9am.

Stamped EXTERNAL. One red input drags the whole conclusion down to red.

  • Endorsed
  • User
  • Agent-derived
  • External
min(parents): a conclusion is only as trusted as its least-trusted ingredient. A lie can't launder itself into a truth.

SECURE FETCH // SEALED EGRESS

A hazmat suit for reading the internet.

To be useful, an AI often has to read a webpage for you. The moment you let it fetch a URL, you have handed it a loaded gun. So we read the dangerous page the way a scientist handles a virus. Inside a glovebox. Hands go in, the threat never gets out.

A malicious link wants to turn your assistant against your own network. It points the fetch back at your router, your files, your internal company systems. Security people call this SSRF, and it is one of the nastier web attacks. Secure Fetch is built so that even a page actively trying it has nowhere to go.

The part that touches the open internet is caged. The part that reads the page is sealed off from the internet entirely. And nothing read off the web walks in trusted. It gets screened first.

  • 01 // CAGE The fetcher that touches the internet is caged. SSRF-hardened, it owns all egress and physically cannot reach your private network.
  • 02 // SEAL The content is read in a sealed sidecar with no internet at all, not even DNS. A booby-trapped page has nothing to phone home to.
  • 03 // UNTRUSTED Output is treated as untrusted by default. Guilty until proven innocent, never auto-promoted into trusted memory.
EGRESS // SEALED
GLOVEBOX
PAYLOAD fetched page
exfil // phone home
DENIED
192.168.1.1 your router

Egress is owned by the cage. The page never reaches your network.

The handoff // Quarantine > Promote

Screened at the border, stamped on arrival.

  1. 01 EXTERNAL

    Quarantine

    Secure Fetch reads the web. The info is staged, untrusted, untouched by your memory.

  2. 02 k >= 3

    Corroborate

    The same fact must be confirmed by multiple independent sources that agree. One site is not enough.

  3. 03 TRUSTED

    Promote

    Only then is it written into Memsom as trusted, with its receipt attached.

Secure Fetch is the airport security checkpoint. Memsom is the country behind it. You only get a passport stamp if your story checks out from more than one angle.