Security●●Solid
Agent Memory Guard – OWASP defense for AI agent memory poisoning
OWASP reference implementation for ASI06 memory poisoning with LangChain and AutoGen integrations.
Solve My ProblemBig Brain
vgudur297
3015d ago
Back to browse
GitHub Repository
Zora — a long‑running local AI agent with provider registry and secure tool access.
70 starsTypeScript
Zora, AI agent with compaction-proof memory and a runtime safety layer
by ryaker·Mar 18, 2026·2 points·0 comments
AI Analysis
●●●BangerBig BrainZero to OneBold Bet
Policy.toml loaded before every action prevents the context compaction failures that broke OpenClaw.
Strengths
- •CaMeL dual-LLM quarantine isolates raw input from main agent completely
- •Irreversibility scoring 0-100 before tool execution is genuinely novel
- •Locked-by-default posture vs OpenClaw's open-by-default danger
Weaknesses
- •Very early with limited real-world testing against actual attacks
- •Competes with OpenClaw and Aider which have massive existing adoption
Category
Target Audience
Developers running local AI agents with system access
Similar To
OpenClaw · Aider · Cursor
Post Description
In February, Summer Yue, Meta's director of AI alignment, posted about her OpenClaw agent deleting 200+ emails after she'd told it to wait for approval. She screamed "STOP OPENCLAW" at it. It kept going.
The root cause: her constraint lived in the conversation. When the context compacted, it disappeared. The AI hadn't gone rogue; it had genuinely forgotten.
Zora's safety architecture is designed so that it can't happen. A few things that are different:
Compaction-proof rules. Policy lives in ~/.zora/policy.toml, loaded before every action, not in context. The LLM and the PolicyEngine don't share a channel.
Prompt injection defense. Every incoming message (Signal/Telegram) passes through a CaMeL dual-LLM quarantine, an isolated model with no tool access that extracts structured intent from raw text. The main agent never sees the original message.
Runtime safety layer. Every tool call is scored 0–100 for irreversibility before it executes. High-risk actions pause and route to your phone for approval via Signal or Telegram. A session risk forecaster tracks drift, salami slicing, and commitment creep across the whole session.
Locked by default. A misconfigured Zora does nothing. A misconfigured OpenClaw has full system access.
npm i -g zora-agent && zora-agent init
Similar Projects
Security●●●Banger
AgentThreatBench – Benchmark for AI Agent Memory Security
First OWASP-backed security layer for ASI06 memory poisoning in agentic AI.
Big BrainSolve My Problem
vgudur297
2012d ago
AI/ML●●Solid
HELmR – A runtime control layer for autonomous agents
Deterministic agent governance with capability tokens beats probabilistic guardrails.
Big BrainBold Bet
systems_arch
213mo ago
AI/ML●Mid
Adaptive Runtime – AI agent layer, no GPU, crash recovery
Agent runtime infra, but 0 stars and crowded with LangGraph and Temporal.
Ship ItBold Bet
StateflowsLabs
3115d ago
Security●●Solid
Safety layer between AI agents and databases
AST analysis blocks injection attacks before they hit your production database.
Solve My ProblemShip It
burhanultayyab
391mo ago
AI/ML●●Solid
Hipocampus – Persistent memory harness for AI agents
Compaction tree cuts context from 100K tokens to 3K without losing memory.
Big BrainNiche Gem
kevin-hs-sohn
222mo ago