SuperLocalMemory: Privacy-Preserving Multi-Agent Memory with Bayesian Trust Defense Against Memory Poisoning

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

We present SuperLocalMemory, a local-first memory system for multi-agent AI that defends against OWASP ASI06 memory poisoning through architectural isolation and Bayesian trust scoring, while personalizing retrieval through adaptive learning-to-rank – all without cloud dependencies or LLM inference calls. As AI agents increasingly rely on persistent memory, cloud-based memory systems create centralized attack surfaces where poisoned memories propagate across sessions and users – a threat demonstrated in documented attacks against production systems. Our architecture combines SQLite-backed storage with FTS5 full-text search, Leiden-based knowledge graph clustering, an event-driven coordination layer with per-agent provenance, and an adaptive re-ranking framework that learns user preferences through three-layer behavioral analysis (cross-project technology preferences, project context detection, and workflow pattern mining). Evaluation across seven benchmark dimensions demonstrates 10.6 ms median search latency, zero concurrency errors under 10 simultaneous agents, trust separation (gap = 0.90) with 72% trust degradation for sleeper attacks, and 104% improvement in NDCG@5 when adaptive re-ranking is enabled. Behavioral data is isolated in a separate database with GDPR Article 17 erasure support. SuperLocalMemory is open-source (MIT) and integrates with 17+ development tools via Model Context Protocol.


💡 Research Summary

SuperLocalMemory is a privacy‑preserving, local‑first memory system designed for multi‑agent AI applications that must guard against the OWASP ASI06 “memory poisoning” threat. The authors argue that cloud‑based memory‑as‑a‑service platforms expose agents to four structural vulnerabilities: multi‑tenant cross‑contamination, network interception, opaque provenance, and vendor lock‑in. By keeping all data on the user’s machine, SuperLocalMemory eliminates these attack surfaces entirely.

The system is built on four progressive layers plus an adaptive learning‑to‑rank (LTR) layer.

  1. Storage Engine – Uses SQLite with the FTS5 full‑text index. Write‑Ahead Logging (WAL) and a thread‑safe write queue guarantee zero “database is locked” errors even with concurrent reads and writes. Each memory record stores content, tags, an importance score (1‑10), timestamps, and optionally an entity vector.
  2. Hierarchical Index – Implements a materialized‑path scheme for parent‑child relationships, enabling O(1) parent lookup and depth‑proportional path reconstruction. This supports project‑oriented organization of memories.
  3. Knowledge Graph – Extracts top TF‑IDF terms per memory, builds pairwise cosine‑similarity edges (threshold > 0.3), and runs the Leiden community‑detection algorithm to produce a three‑level hierarchical clustering. The naïve O(n²) edge computation can be accelerated with an optional HNSW index, and graph construction is capped at 10 000 memories to keep runtime manageable.
  4. Pattern Learning – Applies a Beta‑Binomial Bayesian model to eight technology‑category preferences (frameworks, languages, tools, etc.). Priors (α, β) encode initial uncertainty, and confidence is clamped to
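
The storage-engine pattern from item 1, as an added sketch that is not code from the paper or the SuperLocalMemory project: WAL mode, a single writer thread fed by a queue, an FTS5 index, and a provenance column so every search hit names the agent that wrote it. The class name, schema and column names (`MemoryStore`, `agent_id`, `memories_fts`) are assumptions, and the Python `sqlite3` build is assumed to include FTS5.

```python
import queue
import sqlite3
import threading
from contextlib import closing

SCHEMA = """
CREATE TABLE IF NOT EXISTS memories (
    id INTEGER PRIMARY KEY,
    agent_id TEXT NOT NULL,  -- per-agent provenance (column name is an assumption)
    content TEXT NOT NULL,
    tags TEXT NOT NULL DEFAULT '',
    importance INTEGER NOT NULL CHECK (importance BETWEEN 1 AND 10),
    created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP);
CREATE VIRTUAL TABLE IF NOT EXISTS memories_fts USING fts5(content, tags);
"""
INSERT = "INSERT INTO memories(agent_id, content, tags, importance) VALUES (?, ?, ?, ?)"
INDEX = "INSERT INTO memories_fts(rowid, content, tags) VALUES (?, ?, ?)"
SEARCH = ("SELECT m.agent_id, m.content FROM memories_fts JOIN memories m "
          "ON m.id = memories_fts.rowid WHERE memories_fts MATCH ? ORDER BY rank")

class MemoryStore:  # hypothetical name; many reader threads, exactly one writer thread
    def __init__(self, path):
        self.path, self.jobs, self.errors = path, queue.Queue(), []
        with closing(sqlite3.connect(path)) as db:
            db.execute("PRAGMA journal_mode=WAL")  # readers stop blocking the writer
            db.executescript(SCHEMA)
        self.writer = threading.Thread(target=self._drain, daemon=True)
        self.writer.start()

    def _drain(self):
        with closing(sqlite3.connect(self.path)) as db:  # the only connection that writes
            while (job := self.jobs.get()) is not None:
                try:
                    with db:  # memory row and its FTS entry commit or roll back together
                        rowid = db.execute(INSERT, job).lastrowid
                        db.execute(INDEX, (rowid, job[1], job[2]))
                except sqlite3.Error as exc:  # e.g. importance outside 1..10
                    self.errors.append((job[0], str(exc)))

    def remember(self, agent_id, content, tags="", importance=5):
        self.jobs.put((agent_id, content, tags, importance))  # callable from any thread

    def close(self):
        self.jobs.put(None)  # sentinel: drain pending writes, then stop
        self.writer.join()

    def search(self, query):
        with closing(sqlite3.connect(self.path)) as db:  # short-lived read connection
            return db.execute(SEARCH, (query,)).fetchall()
```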
