Skip to content
LlmWikis.orgLLM Wiki handbook
UAIX canonical
Menu
UAIX canonical
Source map LLM Wiki handbook llms.txt What is an LLM Wiki? Setup wizard Checklist Specification Metadata Navigation vs RAG vs AI Memory Source policy UAI-1 spec

LlmWikis knowledge page

MATM Security and Privacy

Governed MATM expands the attack surface because agents can produce memory that other agents later trust. Security must cover admission, scope isolation, retrieval, retention, deletion workflows, public export, and adversarial producers.

Required Controls

Control MATM requirement
Authenticated producer identity Every event names the source agent, task, environment, and artifact provenance.
Capability-scoped authorization Workers can emit events only for approved scopes; durable admission belongs to the curator.
Per-scope access control Project, team, and agent-repo records must not leak across tenant or role boundaries.
Schema validation Reject unsupported fields, secret-like fields, non-UTC timestamps, direct-write states, and malformed extensions.
Content sanitization Filter prompt-injection payloads, private data, credentials, and hidden reasoning before review.
Evidence validation Use allowlists, hashes, source refs, and reviewer checks for high-impact records.
Audit Keep immutable event, curation, retrieval, deprecation, and incident records where policy permits.
Retention and privacy deletion Define TTL, archive, deprecation, erasure workflows, and public-export review separately.

Threats

  • Memory poisoning: a producer submits useful-looking but harmful procedure memory.
  • Cross-scope leakage: a project or user-identity record becomes retrievable outside its allowed boundary.
  • Hypothesis promotion: an unproven idea is retrieved as fact.
  • Deprecation bypass: old guidance remains in the index after deprecation.
  • Hidden reasoning exposure: private chain-of-thought or private rationale is stored as durable memory.
  • API confusion: a non-normative API example is mistaken for a live LLMWikis endpoint.

Advanced Work

Differential privacy, cryptographic provenance, federated consensus, cross-organization memory, and inter-organizational retrieval can be valuable advanced work. Treat them as optional future controls unless the deployment has implemented and validated them. Policy-based redaction alone is not a formal privacy guarantee.