MemoSift
Security & Compliance

Scanned.Audited.
Reported.

Security scanning runs client-side before storage. Compliance auditing runs per turn, per session, per project.Four regulatory frameworks. Zero code changes to enable.

<1ms

scan latency

25+

secret patterns

4

compliance frameworks

3

audit tiers

Client-Side Security
Scannedbeforestorage.Notafter.
Everypieceofcontentisscannedinyourprocessin<1ms.Sensitivedataneverreachesthecloudunlessyouoptin.
Secrets25+patterns

OpenAI, Anthropic, AWS, GitHub PAT, Groq, JWT, connection strings, passwords

confidence: 0.75–0.99

HOW IT WORKS

Pattern-matched with overlap prevention. Higher-priority keys (sk-proj-) take precedence over generic (sk-) patterns. Connection strings detect postgres, mysql, mongodb, redis, amqp URIs.

PII6patterns

SSN, credit cards, phone numbers, email addresses, IP addresses

confidence: 0.70–0.95

HOW IT WORKS

Auto-suppression prevents false positives in CSV/JSON arrays and code. Phone patterns are gated — only scan when separators like dashes or parentheses are present.

Prompt Injection8+patterns

Instruction overrides, role changes, system prompt extraction, DAN patterns

confidence: 0.85

HOW IT WORKS

Gated detection — only activates when keywords like 'ignore previous', 'you are now', 'reveal system prompt' appear in content. Minimizes false positives in normal conversation.

Threemodes
FLAG

Log findings, content passes through unchanged

REDACT

Replace matches with [REDACTED_TYPE] placeholders

BLOCK

Reject content entirely, raise ContentBlockedError

SECURITY DASHBOARD

SecurityOverview
TIME RANGE: 7d

SAFE

SECURITY POSTURE: OPTIMAL

SECRETS

8

redacted

PII

15

redacted

INJECTIONS

4

flagged

INTEGRITY

OK

verified

FINDINGS TREND

MTWTFSS
Compliance Pipeline
Threetiers.TurnSessionProject.
Enableframeworksperproject.Noagentcodechanges.Findingscascadeupwardintonarrativesandreports.
TIER 1

Per-Turn Audit

Every turn scanned per enabled framework. Findings linked to specific memories and artifacts.

Session intent captured at detection time for temporal replay.

TIER 2

Session Digest

All findings synthesized into a compliance narrative. Risk trajectory computed.

Key moments identified. Intent at peak risk captured.

TIER 3

Project Report

Cross-session aggregation with executive summaries. Dominant patterns identified.

Risk-trigger intents mapped. Actionable recommendations generated.

Frameworks
Fourframeworks.Framework-specificrules.
HIPAAProtected Health Information

18 Safe Harbor identifiers. Names, dates, SSN, MRN, diagnoses, treatments, lab results.

CRITICAL

Direct PHI in exports (SSN + diagnosis)

DEEP DIVE · HIPAA

Contextual detection: diagnoses associated with individuals, treatment plans, lab results linked to patient records. Provider names flagged when paired with patient data.

PCI DSSCardholder Data Protection

PAN (13-19 digits), CVV/CVC, PIN blocks, magnetic stripe data, cardholder names.

CRITICAL

Any SAD present (CVV, PIN) or unmasked full PAN

DEEP DIVE · PCI DSS

Distinguishes between Cardholder Data (CHD) and Sensitive Authentication Data (SAD). SAD is NEVER allowed to persist. Masked PANs tracked separately from full PANs.

SOXFinancial Controls

Financial record modification, separation of duty violations, unauthorized access patterns.

CRITICAL

Evidence of financial record tampering

DEEP DIVE · SOX

Detects missing audit trails on financial modifications, same-actor conflicts across roles, data integrity compromises, and missing approval workflows for material changes.

GDPRPersonal Data & Article 9

Names, IDs, IP addresses, location. Plus health, genetic, biometric, racial/ethnic data.

CRITICAL

Special Category data without consent

DEEP DIVE · GDPR

Pseudonymized data still counts as personal data under GDPR. Cross-border transfer detection. Special Category (Article 9) data gets critical severity without explicit consent markers.

Context Replay
Replayanysession.Turnbyturn.
Everycompliancefindingcapturesthesessionintentactivewhentheviolationoccurred.Digeststrackrisktrajectory.Reportsmapwhichworkflowsproduceviolations.
Temporal snapshots

Reconstruct what the agent knew at any turn

Intent correlation

Map violations to specific agent goals

Risk trajectory

Track if risk is escalating, stable, or improving

Executive reports

Project-wide summaries with recommendations

SESSIONCOMPLIANCETIMELINE
Turn 3CLEAN

v1 · Explore codebase

Agent reads configs and source files

Turn 8MEDIUM

v2 · Process user data

Personal names appear in tool output

Turn 12HIGH

v2 · Process user data

Email addresses stored without redaction

Turn 15CRITICAL

v2 · Process user data

SSN detected in CSV artifact content

Turn 18MEDIUM

v3 · Generate reports

Aggregated data with low re-id risk

SESSION DIGEST

ESCALATINGrisk trajectory

“Session started clean but introduced personal data at turn 8 when processing user records. Risk escalated through turns 12-15 with unredacted SSN in CSV artifacts.”

API
Fourendpoints.Fullprogrammaticaccess.
GET

/v1/compliance/findings

List findings with filters — project, framework, severity, session

GET

/v1/compliance/digests/{session_id}

Session compliance digest — risk level, trajectory, narrative, key moments

GET

/v1/compliance/reports/{project_id}

Project report — executive summary, patterns, recommendations (cached 1h)

POST

/v1/compliance/reports/{project_id}/regenerate

Force regenerate project report

Compliance from turn one.

Enable per project. No agent code changes. Free during beta.

pip install memosift