Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

SuperLocalMemory: Privacy-Preserving Multi-Agent Memory with Bayesian Trust Defense Against Memory Poisoning

Varun Pratap Bhardwaj

Abstract

We present SuperLocalMemory, a local-first memory system for multi-agent AI that defends against OWASP ASI06 memory poisoning through architectural isolation and Bayesian trust scoring, while personalizing retrieval through adaptive learning-to-rank -- all without cloud dependencies or LLM inference calls. As AI agents increasingly rely on persistent memory, cloud-based memory systems create centralized attack surfaces where poisoned memories propagate across sessions and users -- a threat demonstrated in documented attacks against production systems. Our architecture combines SQLite-backed storage with FTS5 full-text search, Leiden-based knowledge graph clustering, an event-driven coordination layer with per-agent provenance, and an adaptive re-ranking framework that learns user preferences through three-layer behavioral analysis (cross-project technology preferences, project context detection, and workflow pattern mining). Evaluation across seven benchmark dimensions demonstrates 10.6ms median search latency, zero concurrency errors under 10 simultaneous agents, trust separation (gap =0.90) with 72% trust degradation for sleeper attacks, and 104% improvement in NDCG@5 when adaptive re-ranking is enabled. Behavioral data is isolated in a separate database with GDPR Article 17 erasure support. SuperLocalMemory is open-source (MIT) and integrates with 17+ development tools via Model Context Protocol.

SuperLocalMemory: Privacy-Preserving Multi-Agent Memory with Bayesian Trust Defense Against Memory Poisoning

Abstract

We present SuperLocalMemory, a local-first memory system for multi-agent AI that defends against OWASP ASI06 memory poisoning through architectural isolation and Bayesian trust scoring, while personalizing retrieval through adaptive learning-to-rank -- all without cloud dependencies or LLM inference calls. As AI agents increasingly rely on persistent memory, cloud-based memory systems create centralized attack surfaces where poisoned memories propagate across sessions and users -- a threat demonstrated in documented attacks against production systems. Our architecture combines SQLite-backed storage with FTS5 full-text search, Leiden-based knowledge graph clustering, an event-driven coordination layer with per-agent provenance, and an adaptive re-ranking framework that learns user preferences through three-layer behavioral analysis (cross-project technology preferences, project context detection, and workflow pattern mining). Evaluation across seven benchmark dimensions demonstrates 10.6ms median search latency, zero concurrency errors under 10 simultaneous agents, trust separation (gap =0.90) with 72% trust degradation for sleeper attacks, and 104% improvement in NDCG@5 when adaptive re-ranking is enabled. Behavioral data is isolated in a separate database with GDPR Article 17 erasure support. SuperLocalMemory is open-source (MIT) and integrates with 17+ development tools via Model Context Protocol.
Paper Structure (27 sections, 2 equations, 1 figure, 5 tables)

This paper contains 27 sections, 2 equations, 1 figure, 5 tables.

Table of Contents

  1. Introduction
  2. Threat Model and Motivation
  3. Memory Poisoning Taxonomy
  4. Why Cloud Architecture Amplifies Risk
  5. System Architecture
  6. Four-Layer Memory Stack
  7. Layer 1: Storage Engine.
  8. Layer 2: Hierarchical Index.
  9. Layer 3: Knowledge Graph.
  10. Layer 4: Pattern Learning.
  11. Event Coordination Layer
  12. Adaptive Learning Layer
  13. Trust Scoring Framework
  14. Bayesian Trust Model
  15. Provenance Tracking
  16. ...and 12 more sections

Figures (1)

  • Figure 1: SuperLocalMemory architecture. The four-layer memory stack (left) provides progressive enhancement; the adaptive learning layer (v2.7) re-ranks search results using three-layer behavioral analysis. The coordination panel (right, v2.5) handles event broadcasting, trust scoring, and provenance tracking, with feedback and learned patterns stored in an isolated learning.db (GDPR-friendly, supports Article 17 erasure). All data remains on the user's machine.