SuperLocalMemory: Privacy-Preserving Multi-Agent Memory with Bayesian Trust Defense Against Memory Poisoning
Open-source system defends against memory poisoning with 10.6ms search latency and zero cloud dependencies.
Researcher Varun Pratap Bhardwaj has published SuperLocalMemory, a novel architecture designed to secure the persistent memory systems that AI agents increasingly rely on. The system addresses the documented threat of memory poisoning attacks (OWASP ASI06) in production environments, where compromised data can propagate across user sessions in cloud-based systems. SuperLocalMemory's core innovation is its local-first approach: memory operations involve no cloud dependencies and no LLM inference calls, which creates a decentralized defense. It combines SQLite-backed storage with full-text search (FTS5) and an event-driven coordination layer that tracks per-agent provenance, so that security becomes a property of the architecture rather than of a perimeter.
The technical implementation uses a Bayesian trust scoring mechanism to identify and degrade trust in potentially poisoned memories, demonstrating a 0.90 trust separation gap and a 72% trust degradation rate against sleeper attacks. For usability, it features an adaptive learning-to-rank framework that personalizes retrieval by analyzing user behavior across three layers: cross-project tech preferences, project context, and workflow patterns. This resulted in a 104% improvement in retrieval accuracy (NDCG@5). Evaluated across seven benchmarks, the system showed 10.6ms median search latency and handled 10 simultaneous agents with zero concurrency errors. As an open-source tool released under the MIT license with GDPR-compliant data isolation and MCP integration, SuperLocalMemory provides a practical, deployable foundation for building more robust and private multi-agent applications.
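The sketch below is an added example, not code from SuperLocalMemory or its paper. It shows how per-agent provenance and a Bayesian trust score can work together against a sleeper agent. The Beta-posterior model, the `NEG_WEIGHT` asymmetry, the 0.5 recall threshold, the table layout and all function names are assumptions made for illustration, and a plain `LIKE` match stands in for FTS5 so the block runs on any SQLite build.

```python
import sqlite3

# Assumption (not SuperLocalMemory's actual model): per-agent trust is the mean of a
# Beta(alpha, beta) posterior; a contradicted write adds NEG_WEIGHT to beta.
NEG_WEIGHT = 3.0  # hypothetical asymmetry: bad evidence outweighs good

def open_store():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE agents (agent_id TEXT PRIMARY KEY, alpha REAL, beta REAL)")
    db.execute("CREATE TABLE memories (id INTEGER PRIMARY KEY, agent_id TEXT, content TEXT)")
    return db

def write_memory(db, agent_id, content):
    # Every memory row keeps the id of the agent that wrote it (provenance).
    db.execute("INSERT OR IGNORE INTO agents VALUES (?, 1.0, 1.0)", (agent_id,))
    cur = db.execute("INSERT INTO memories (agent_id, content) VALUES (?, ?)",
                     (agent_id, content))
    return cur.lastrowid

def record_signal(db, memory_id, benign):
    # Bayesian update of the writer's posterior from one verification outcome.
    d_alpha, d_beta = (1.0, 0.0) if benign else (0.0, NEG_WEIGHT)
    db.execute("UPDATE agents SET alpha = alpha + ?, beta = beta + ? WHERE agent_id = "
               "(SELECT agent_id FROM memories WHERE id = ?)", (d_alpha, d_beta, memory_id))

def trust(db, agent_id):
    a, b = db.execute("SELECT alpha, beta FROM agents WHERE agent_id = ?",
                      (agent_id,)).fetchone()
    return a / (a + b)

def recall(db, term, min_trust=0.5):
    # Matching memories whose writer is still trusted, most trusted writer first.
    return db.execute(
        "SELECT m.content, a.agent_id FROM memories m "
        "JOIN agents a ON a.agent_id = m.agent_id "
        "WHERE m.content LIKE ? AND a.alpha / (a.alpha + a.beta) >= ? "
        "ORDER BY a.alpha / (a.alpha + a.beta) DESC, m.id",
        (f"%{term}%", min_trust)).fetchall()

def simulate_sleeper():
    # Constructed scenario: "sleeper" earns trust with 10 confirmed writes,
    # then has 5 writes contradicted; "honest" is confirmed throughout.
    db = open_store()
    for i in range(10):
        for agent in ("honest", "sleeper"):
            record_signal(db, write_memory(db, agent, f"deploy note {i}"), True)
    peak = trust(db, "sleeper")
    for i in range(5):
        record_signal(db, write_memory(db, "honest", f"deploy rotation {i}"), True)
        record_signal(db, write_memory(db, "sleeper", f"deploy override {i}"), False)
    return db, peak
```

Because trust is attached to the writing agent rather than to a single row, the sleeper's earlier, benign-looking memories also drop out of recall once its posterior falls below the threshold.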
- Defends against OWASP ASI06 memory poisoning with architectural isolation and Bayesian trust scoring, achieving a 0.90 trust separation gap.
- Delivers 10.6ms median search latency and handles 10 concurrent agents with zero errors, all running locally without cloud calls.
- Improves personalized retrieval accuracy (NDCG@5) by 104% using adaptive re-ranking based on three-layer behavioral analysis.
Why It Matters
Provides a secure, private foundation for enterprise AI agents by moving critical memory operations out of vulnerable cloud systems.