Never let your AI act on unverified memory.

Your AI agent is about to act on memory it hasn't verified — Sgraal is the verification.

One API call. A deterministic, replayable verdict — the same memory state returns the same verdict, byte-identical, in the absence of feedback events that update internal learning state (strict per-call replay via an opt-in flag).

One wrong memory. One irreversible action. Sgraal flags it before your agent acts on it.

pip install sgraal content_copy
30 days · 1,000 decisions · No credit card required
See benchmark -> Examples
terminal
$ curl -X POST https://api.sgraal.com/v1/check \
  -H "Authorization: Bearer sg_demo_playground" \
  -d '{"memories": ["Deploy target is production",
  "API key is sk-proj-abc123"]}'
# Response:
{
"safe": false,
"reason": "Memory contains a likely secret (API key).",
"action": "Remove secrets from memory before proceeding."
}
614
Corpus cases
100%
Deterministic · byte-identical verdict
8
Adversarial rounds (R1–R8)
11
SDKs

Design Partner Program

Sgraal's design-partner program is launching across regulated verticals. Partner feedback shapes the roadmap — and identities stay private until launch. Apply to join or contact us.

medical_services

Anonymized Fortune 500

Healthcare CMO office

trending_up

Quantitative AI trading team

Confidential

gavel

EU-based DPO consortium

Multi-agent platform pilot

account_tree

Healthcare data network

HIPAA + GDPR cross-jurisdiction

code

Open-source LLM platform team

Agentic memory governance

account_balance

US federal contractor

Preflight integration eval

Cards are anonymized to protect partner identity. As partners go public, individual cards are replaced with signed logos and named case studies.

Pick your path

Sgraal works for everyone building with AI agents.

One engine, six customer journeys. Find the page that speaks your language.

code

For Developers

Live

Drop-in safety for any AI agent memory. 5-line integration, a Python SDK + MCP server + 6 published framework adapters (3 more in beta), Apache 2.0. SafeMemory wrapper for Mem0 — a code-level integrity gate that catches tampered, forged, or contradicting memory before use.

Read developer docs →

Deep dive: Insights · Counterfactual

hub

For Platform & MLOps

Live

Run Sgraal at any scale. Hosted, self-hosted, or zero-dep edge mode. Plugin system, autonomous healing, 30-day degradation forecast.

See platform features →

Deep dive: OpenTelemetry integration

science

For Researchers

Live

25 mathematical disciplines. 85 modules. R1–R3 adversarial corpus (available on request). Automated policy-consistency checks. Free academic tier.

Read the whitepaper →

Deep dive: Proofs & Certificates

rocket_launch

For AI Startups

Live

Sell to enterprise faster. Bundle safety + compliance + GDPR proof. W3C VCs, MVMem certificate, founder-accessible pricing.

See the bundle →
shield

For Security teams

Live

6 detection layers. Fleet-wide vaccine propagation Beta. Behavioral profiling per agent. Cryptographic forensic proofs. Built for CISOs.

Read threat model →

Deep dive: Memory Vaccination

verified_user

For DPOs & Compliance

Live

EU AI Act, GDPR, HIPAA, FDA 510(k), NIST AI RMF — mappable with one API call. W3C Verifiable Credentials. Auto-generated conformity declarations.

Generate a sample certificate →

Deep dive: Minimum Viable Memory

Also building for

Healthcare Beta Trading Beta Multi-Agent Systems Beta Forensics Concept Insurance Concept Government Concept Frontier Labs Concept

Open core

What's open. What's hosted.

No ambiguity. Apache 2.0 SDK and edge mode are open source. The scoring engine is hosted on sgraal.com — your tenant calibration stays private.

code_blocks

Open source — Apache 2.0

  • Python SDKpip install sgraal
  • Python SDK + MCP server + 6 published framework adapters — LangChain, CrewAI, Mem0, OpenAI, AutoGen, RAG (LlamaIndex, Haystack, Semantic-Kernel in beta)
  • Edge mode — zero-dependency, air-gappable, near-instant local scoring
  • OpenAPI specification — full API contract published
  • R1–R3 benchmark corpus — 239 adversarial cases, available on request
  • MCP server — Claude Desktop integration via @sgraal/mcp
View on GitHub Browse all SDKs →
cloud

Hosted engine — sgraal.com

  • 85-module scoring pipeline — full production engine
  • Per-tenant calibrated thresholds — learns from your traffic
  • Fleet vaccine corpus Beta — sub-second attack signature propagation (in active development)
  • Q-learning per-domain — production RL adaptation
  • R12 adversarial corpus — held privately
  • W3C VC signing — audit-grade compliance evidence
See pricing → Try in playground →

Self-host the SDK + Proxy + Edge mode for free. The hosted engine powers per-tenant calibration, fleet immunity Beta, and signed compliance certificates.

Sgraal sees what your agents are about to do — including the decisions that were blocked and never happened.

security

Verdict before action

Every preflight returns USE/WARN/ASK/BLOCK + a one-paragraph explanation. Your agent gets a verdict, your audit log gets evidence.

database

Replay any past decision

Byte-identical replay of any historical verdict via cryptographic Memory Passport — in the absence of feedback events that update internal learning state; strict per-call replay via an opt-in flag (see /docs/determinism.md). Forensic-grade audit trail for litigation or compliance.

psychology

Block, don't just log

When the verdict is BLOCK, your agent stops before the irreversible action. Compare to traditional SIEM: detects after the breach.

nightlight

Sleep through 3am incidents

Sgraal validates every memory access before any irreversible action — even at 3am. No on-call paging for memory-state false positives.

Any AI. Any memory. Any stack.

Seamlessly integrates with your existing agent architecture.

See all integrations →

AI Agents

CrewAI Microsoft Autogen OpenAI Agents Semantic Kernel

Frameworks

LangChain LlamaIndex Haystack

Infrastructure

Cloudflare Workers Edge SDK Zapier Make
integration_request.py HTTPS POST 
{
  "headers": {
    "Authorization": "Bearer sg_live_..."
  },
  "body": {
    "agent_id": "agent-payments",
    "memory_state": [
      {"id": "mem_001", "content": "User balance: $50,000",
       "type": "semantic", "timestamp_age_days": 3}
    ],
    "action_type": "irreversible",
    "domain": "fintech"
  }
}

Python SDK

Plain strings in, plain English out. One call.

import sgraal

sg = sgraal.Client("sg_live_...")
result = sg.check([
    "Deploy target is production",
    "API key is sk-proj-abc123"
])

print(result["safe"])    # False
print(result["reason"])  # "Memory contains a likely secret (API key)."

Free

$0 /mo

10,000 decisions/month

Start free
Most Popular

Pro

$99 /mo

250,000 decisions/month

Go Pro

Team

$499 /mo

2,500,000 decisions/month

Start Team

Enterprise

From $2,500

Custom decision limit

Contact sales

🚀 Beta pricing — all plans are live today. Save 20% with annual billing. Cancel anytime.

See full pricing details →

Dual-Stack Benchmark with Grok (xAI)

Joint benchmark with Grok (xAI) across 5 shared corpora, plus 3 Sgraal-only rounds. Two separately-built stacks scored the same Sgraal-authored corpora side-by-side — convergent, but shared-LLM-prior corroboration, not independent validation.

Recall measured against Sgraal's own ground truth on a synthetic structural corpus (every structurally-detectable attack flagged; ASK_USER counts as caught). Grok independently scored the same corpora — corroboration, not external validation. Residual misses are the metadata-clean content-forgery class (out of scope for a structural gate); over-escalation on benign-control cases is non-zero. Production calibration pending.

Round 1 — Sponsored Drift

COMPLETE

60 cases · affiliate bias · brand manipulation

Sgraal 100% recall
Grok F1 = 0.98

Round 2 — Subtle Drift

COMPLETE

59 cases · commercial_intent 0.30–0.55

Sgraal 100% recall · 0 missed attacks
Grok F1 = 0.98 · 2 false negatives

Round 3 — Hallucination

COMPLETE

60 cases · confident fabrication · multi-hop echo · cross-agent amplification

Sgraal 100% recall · 0 missed attacks
Grok 100% recall

Round 4 — Real-world Propagation

COMPLETE

90 cases · memory injection · cross-agent drift · RAG poisoning · API drift

Sgraal 100% recall · 90 cases
Grok 100% recall · <2% multi-hop propagation (Grok R4 corpus — not cross-tenant containment)

Round 6 — Memory Time Attack

COMPLETE

Timestamp forgery detection. Old decisions disguised as fresh, bypassing Weibull decay.

Sgraal 100% recall · 60 cases
New field timestamp_integrity: VALID | SUSPICIOUS | MANIPULATED

Round 7 — Identity Drift

COMPLETE

Gradual role and authority escalation across agent hops.

Sgraal 100% recall · 90 cases
New field identity_drift: CLEAN | SUSPICIOUS | MANIPULATED

Round 8 — Silent Consensus Collapse

COMPLETE

Self-reinforcing false consensus — no single agent flags the error.

Sgraal 100% recall · 90 cases
New field consensus_collapse: CLEAN | SUSPICIOUS | MANIPULATED

Round 5 — Multi-model Consensus Poisoning

PARKED

3 independent stacks syncing on fabricated consensus. Joint corpus with Grok — Sgraal-side ready, awaiting partner corpus.

Sgraal Armed · anti-consensus layer active
Status research notes →

"Confidence ≠ truth. Deterministic structural checks catch what probabilistic systems miss."

R1–R8 structural corpus — every structurally-detectable attack flagged · R14 adversarial hardening in progress

These figures reflect synthetic R12/R14 corpus performance; production calibration is pending paying-customer onboarding.

Dual-Stack Benchmark with Grok — synthetic adversarial corpora

Joint with Grok across Rounds 1–5 (Sgraal: 100% recall on the structural corpus — every structurally-detectable attack flagged, ASK_USER counts as caught; Grok: F1 0.98–1.000 on the same corpora), plus 3 Sgraal-only rounds (6–8). 614 cases total. Two AI systems stress-tested each other's safety layers as peers. Residual misses are the metadata-clean content-forgery class (out of scope for a structural gate); over-escalation on benign-control cases is non-zero; production calibration pending.

Read the joint blog post →
View Corpus on GitHub Read the Standard