sovsealsovseal
WelcomePlatformSelf-HostedCookbooksIntegrationsSDK ReferenceAPI ReferenceComponentsChangelog
Verified by the sovseal team

Threat Detection with VSR

Protect Security Operations Center (SOC) agents from memory poisoning using Verified Semantic Recall.

This cookbook demonstrates how to implement a secure Security Operations Center (SOC) analysis agent. The agent reads and writes threat intelligence parameters (such as malicious IP lists, file hashes, and attack patterns) while validating state integrity on every read through Verified Semantic Recall (VSR).

The Memory Poisoning Threat

In agentic security workflows, memory poisoning occurs when an attacker modifies the replication database to inject false indicators of compromise (IOCs). This can lead to:

  1. False Negatives: The agent is tricked into ignoring malicious IPs because its stored rules were altered.
  2. Denial of Service: The agent flags legitimate internal IPs as malicious, blocking operations.

VSR neutralizes this attack vector by verifying that every snapshot returned from the network perfectly matches the client's expected state hash.

Code Implementation

Create the threat analysis script soc_agent.ts:

import { sovseal, VsrFailureError } from "@sovseal/sdk";

// Initialize the local-first security client
const client = new sovseal({
  apiKey: process.env.SOVSEAL_API_KEY,
  replicationUrl: "https://ksrlmubaxzwufziwarps.supabase.co/functions/v1/v2-agent-state"
});

interface ThreatIndicator {
  ipAddress: string;
  threatLevel: "CRITICAL" | "HIGH" | "MEDIUM";
  signatureHash: string;
  notes: string;
}

/**
 * Fetch and cryptographically verify threat indicators
 */
async function queryThreatDatabase(targetIP: string): Promise<ThreatIndicator | null> {
  try {
    // Perform vector lookup. Under the hood, this retrieves the snapshot and runs VSR.
    const results = await client.recall(`threat_intel_ip:${targetIP}`, {
      topK: 1
    });

    if (results && results.length > 0) {
      return results[0].payload as ThreatIndicator;
    }
  } catch (error) {
    if (error instanceof VsrFailureError) {
      // SECURITY ALERT: VSR caught data tampering or payload substitution!
      triggerIncidentResponse({
        reason: error.reason, // "AUTH_TAG_MISMATCH" | "SNAPSHOT_ID_MISMATCH"
        expectedHash: error.expectedSnapshotId,
        receivedHash: error.receivedSnapshotId,
        ip: targetIP
      });
      throw new Error("Security Alert: Threat intelligence state integrity is compromised.");
    }
    throw error;
  }
  return null;
}

/**
 * Handle memory tampering events
 */
function triggerIncidentResponse(details: any) {
  console.error("====================================================");
  console.error(" [CRITICAL INCIDENT] AGENT MEMORY INTEGRITY COMPROMISED");
  console.error("====================================================");
  console.error(`Reason:        ${details.reason}`);
  console.error(`Expected Hash: ${details.expectedHash}`);
  console.error(`Received Hash: ${details.receivedHash}`);
  console.error(`Target IP:     ${details.ip}`);
  console.error("Action: Failing closed. Restricting all automated routing rules.");
  console.error("====================================================");
  
  // Page security engineering team and quarantine the agent
  notifyPagerDuty(details);
}

function notifyPagerDuty(details: any) {
  // Integration hook for Slack / PagerDuty alerts
  console.log("Notifying security triage team...");
}

// Example Execution
async function run() {
  await client.ready();
  
  // Store a legitimate indicator
  const cleanIP = "198.51.100.42";
  await client.store({
    path: `threat_intel_ip:${cleanIP}`,
    payload: {
      ipAddress: cleanIP,
      threatLevel: "CRITICAL",
      signatureHash: "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3",
      notes: "Known command & control node"
    }
  });

  // Querying clean IP
  console.log("Analyzing IP log entry...");
  const intel = await queryThreatDatabase(cleanIP);
  if (intel) {
    console.log(`IP ${intel.ipAddress} confirmed threat: ${intel.threatLevel}`);
  }
}

run().catch(err => console.log("Run finished with error:", err.message));

Operational Incident Response

When VSR catches a discrepancy:

  1. Fail-Closed Execution: The agent does not load the modified threat database. The query throws VsrFailureError and blocks decision execution, ensuring that malicious rules are not applied.
  2. Forensic Trail: The VsrFailureError provides expectedSnapshotId (the client's computed hash of the last known-good state) and receivedSnapshotId (the hash of the data returned by the server). Security engineers can use this difference to audit the replication logs and pinpoint the time of the compromise.
  3. State Recovery: To recover, the client can initiate a state rollback, pointing to the parent snapshot ID manually to bypass the tampered sequence node.

Dev Productivity Session Memory

Give Claude Desktop and Cursor persistent memory that survives quits, reboots, and multi-week project lifecycles.

Healthcare Coach with ADK

Guide patients with an assistant that remembers history across Google ADK sessions while securing PHI via client-side encryption.

On this page

The Memory Poisoning ThreatCode ImplementationOperational Incident Response