MemoSift

Every turn, evidence.
Every session, replayable.

MemoSift sits at the tool-execution boundary. PII, PHI, secrets, and prompt injections are flagged before the LLM sees them — each finding bound to a framework clause, a turn, and an artifact.

7 pipeline layers
4 compliance frameworks
100% turns auditable
<12ms scan overhead
EVIDENCE · LIVE
sess_8f2c1a_0421
HIPAA | patient.ssn | 541-82-9930 | §164.514(b)(2)(i)(F) | HIGH
HIPAA | patient.mrn | MRN-0094412 | §164.514(b)(2)(i)(H) | HIGH
PCI | card.pan | 4111-…-4444 | 3.4 · PAN | HIGH
PCI | card.cvv | 204 | 3.2.2 · SAD | HIGH
GDPR | web.injection | prompt-inject | MS-PI-03 | HIGH
SOX | ledger_txn | LX-…-0994412 | §404 | MED
HIPAA | patient.email | maria.s@… | §164.514(b)(2)(i)(L) | MED
7 findings · 4 frameworks · bound to turn + artifact

Eight classes of risk.
Every tool result scanned for all of them.

Detectors run in parallel inside the tool-execution boundary. Findings are typed, severity-graded, and tagged with the compliance clause that applies — before the payload ever reaches your LLM.

01 · high
PII
Personally Identifiable Information
names, addresses, phones, SSN, government IDs, DOBs
"Maria Santos" → «patient:p_4f8a»
GDPR, HIPAA
99.1% recall

02 · high
PHI
Protected Health Information
MRN, ICD-10, NPI, lab values, Safe Harbor 18
"MRN-0094412" → mrn_ref (vaulted)
HIPAA
98.7% recall

03 · high
Payment data
Cardholder + Sensitive Auth Data
PAN (Luhn), CVV, expiry, track data, IBAN
"4111-2222-3333-4444" → never persisted
PCI, GDPR
100% recall

04 · high
Secrets
API keys, tokens, credentials
AWS · GCP · Azure, JWT · OAuth, DB connection strings, private keys
"AKIA…" → secret_ref + alert
SOC 2, ISO 27001
96.4% recall

05 · high
Prompt injection
Untrusted content override attempts
ignore-previous, role-override, tool-steering, exfil prompts
"Ignore previous instructions…" → quarantine
GDPR Art. 32, internal
93.2% recall

06 · high
Data exfiltration
Outbound leakage in agent replies
PII echo, PHI echo, card echo, secret echo
agent reply scanned pre-send · block on match
HIPAA, PCI, GDPR, SOX
outbound gate

07 · medium
Financial identifiers
Ledger, account, routing
ledger txn IDs, account numbers, routing, tax IDs
"LX-2026-04-…" → tokenize + append-only
SOX, GDPR
immutable audit

08 · low
Cross-session joins
Minimum-necessary enforcement
entity propagation, token-only recall, scope budget
recall returns refs, never raw PHI
HIPAA §164.502
token-bound

Step through any session
turn by turn, finding by finding.

Every session is reconstructible. Scrub the turn strip below — see what the tool returned, what was flagged, which compliance clause triggered, and which artifact the evidence lives in.

sess_8f2c1a_0421 · acme-health · support-triage-v3
8 turns · 11 findings · risk 0.34

TURN 2 · db.query
args: SELECT * FROM claims WHERE id="CLM-88421"
claim_CLM-88421.json · sql_row · 3.8 KB
externalized

what the LLM sees
db.query · artifact:claim_CLM-88421.json
summary: claim CLM-88421, provider «provider:pr_aa12»,
approved=true, copay=$42.00, dx=[M54.5, R51]
patient=«patient:p_4f8a» (linked turn_1)
memory extracted: claim CLM-88421 approved · copay $42 · provider = pr_aa12

FINDINGS · 4 at T2

f_03 · HIGH
HIPAA, GDPR
patient.ssn
value: 541-82-9930
rule: HIPAA §164.514(b)(2)(i)(F) · SSN
action: redact + vault
artifact: claim_CLM-88421.json#/patient/ssn · offset: line 5

f_04 · HIGH
HIPAA
patient.mrn
value: MRN-0094412
rule: HIPAA §164.514(b)(2)(i)(H) · Medical record numbers
action: tokenize → mrn_ref
artifact: claim_CLM-88421.json#/patient/mrn · offset: line 7

f_05 · MED
HIPAA, GDPR
patient.email
value: maria.s@acmehealth.io
rule: HIPAA §164.514(b)(2)(i)(L) · Email
action: redact
artifact: claim_CLM-88421.json#/patient/email · offset: line 8

f_06 · LOW
HIPAA
provider.npi
value: NPI 1902884412
rule: HIPAA §164.514(b)(2)(i)(O) · Provider identifiers
action: tokenize → provider_ref
artifact: claim_CLM-88421.json#/provider · offset: line 10

intent: claim_status_lookup · cumulative risk: 0.24
↳ this same replay is available for every session via ms.replay(session_id) or the dashboard

A dashboard for what your agents
actually did to your data.

Every finding, every redaction, every session risk score — indexed and queryable. Export to Splunk, Datadog, or any SIEM. Wire alerts to the channels your on-call already uses.

dashboard.memosift.io/ acme-health / observability
last 24h · LIVE
sessions | 1,284 | +12%
findings | 3,417 | +4%
redactions | 2,902 | 98.3%
blocked outbound | 47 | PHI/PCI
median scan | 11ms | p99 38ms
avg session risk | 0.21 | moderate
RISK TIMELINE
Findings + risk trajectory · 24h
legend: findings · risk · alert
PCI · PAN attempt blocked
HIPAA · bulk PHI export flagged
PI · prompt injection quarantined
SOX · ledger mutation out of scope
time axis: 00:00 · 06:00 · 12:00 · 18:00 · now
RECENT SESSIONS
Replayable · click row to open
1,284 total · 6 shown
session | agent | turns | findings | risk | when
sess_8f2c1a_0421 | support-triage-v3 | 8 | 11 | 0.34 | 4m ago
sess_9a14e2_0421 | underwrite-bot-v1 | 22 | 31 | 0.61 | 18m ago
sess_7c8001_0421 | support-triage-v3 | 4 | 2 | 0.08 | 22m ago
sess_6d4419_0421 | ops-assistant-beta | 17 | 14 | 0.29 | 51m ago
sess_5e0042_0421 | support-triage-v3 | 11 | 6 | 0.17 | 1h 12m
sess_4b9988_0421 | billing-agent-v2 | 9 | 9 | 0.44 | 2h 04m
LIVE ALERTS
High + medium · last 2h
→ slack #agent-sec
PCI | PAN attempt in user input · sess_9a14e2 | now · HIGH
HIPAA | MRN echo in outbound · blocked · sess_9a14e2 | 2m · HIGH
INJ | prompt injection quarantined · web.search · sess_6d4419 | 11m · HIGH
SOX | ledger txn outside agent scope · sess_4b9988 | 23m · MED
GDPR | Art. 9 special-cat detected · redacted · sess_5e0042 | 44m · MED
SEC | AWS key pattern in tool output · vaulted · sess_6d4419 | 1h 02m · HIGH
BY FRAMEWORK
3,417 findings · 24h
HIPAA | 1,842 | 54%
GDPR | 897 | 26%
PCI | 512 | 15%
SOX | 166 | 5%

Four frameworks,
three evidence tiers, one audit trail.

Per-turn findings roll up into session digests, which roll up into project-wide reports with executive summaries — all pre-mapped to the clauses your auditor cares about.

HIPAA
45 CFR §164 · Safe Harbor
Health Insurance Portability & Accountability Act
§164.514(b)(2)(i)(A–R): 18 identifier Safe Harbor
§164.502: minimum-necessary enforcement
§164.312(b): audit controls · immutable log
5,412 Safe Harbor redactions / mo
PCI DSS
v4.0 · Req. 3 · 8 · 10
Payment Card Industry Data Security Standard
Req 3.4: PAN never stored in context
Req 3.2.2: SAD (CVV, track data) dropped post-auth
Req 10.2: full audit log of PAN-touch events
PAN/CVV · 100% recall on Luhn + patterns
GDPR
Art. 9 · Art. 32 · Art. 17
General Data Protection Regulation
Art. 9: special-category data detection
Art. 32: pseudonymisation at ingest
Art. 17: erasure requests fan out via entity graph
avg erasure-request fan-out: 142ms
SOX
§302 · §404 · ICFR scope
Sarbanes-Oxley — financial controls
§404: agent actions on financial records · append-only
§302: attestation-ready session digests
COSO align: segregation-of-duties checks at recall
100% of ledger-touching turns retained
THREE-TIER PIPELINE · SAME DATA, DIFFERENT LENS
01 · <12ms
Per-turn findings
Every tool result scanned in-line. Each finding is typed, severity-graded, and bound to a clause, an artifact, and an offset.
finding_id: f_03
framework: HIPAA · §164.514(b)(2)(i)(F)
field: patient.ssn
action: redact + vault
02 · per session
Session digest
trajectory
Findings aggregate into a per-session digest with risk trajectory, flagged turns, intent epochs, and entity propagation map.
session: sess_8f2c1a_0421
overall_risk: 0.34 · moderate
flagged_turns: [2, 4, 5, 6]
intent_epochs: claim_lookup → payment → care
03 · rolling
Project report
executive
Sessions roll up into a signed project report: executive summary, framework coverage, attestation pack, SIEM-ready JSON + PDF.
project: acme-health
sessions: 1,284 · 30d
coverage: HIPAA · PCI · GDPR · SOX
export: json · pdf · splunk · datadog

Your security team's first AI-native control plane.

Bring your own keys. Self-host the vault. Export every finding to your SIEM. MemoSift is the evidence layer your agents should have had from day one.