When an AI system remembers or forgets something, we’re expected to trust it. There’s no clear way to prove what it remembered, when it happened, whether it changed, or if something was truly deleted.
That lack of visibility creates real problems for trust, safety, and accountability.

VMP stands for Verifiable Memory Protocol. It is a system that makes it possible to prove what an AI system remembered, forgot, or relied on without exposing the actual data. In simple terms, VMP turns AI memory into something you can point to, inspect, and verify later.
VMP doesn’t store your data. It stores cryptographic proof that something happened.


It records events, moments where something meaningful happened. Examples of events include: saving information, updating existing memory, deleting data, or making a decision using a specific input.
VMP does not record conversations, files, or raw user data.


For every event, VMP produces a piece of cryptographic proof. This proof acts like a receipt that the event occurred at a specific time.
The proof can be stored, shared, or verified later, even outside the system that created it.
VMP relies on well-known cryptographic techniques, but the ideas behind them are straightforward.
Each event is turned into a short digital fingerprint. If anything about the event changes, the fingerprint changes completely. This makes silent edits detectable.
Each fingerprint includes a reference to the one before it. This links events together into an ordered timeline that cannot be altered without breaking the chain.
To stay efficient, multiple events are grouped and sealed together. The seal acts like a tamper‑evident envelope around everything inside.
Each sealed group is signed using a cryptographic key. This proves which system produced the proof and prevents forgery.
Something meaningful happens inside an AI system — new information is stored, an existing memory is updated, or something is deliberately forgotten. VMP does not interfere with this process. It simply observes that an action occurred.
The moment is turned into a unique digital fingerprint. This fingerprint proves that the action happened at a specific time, without revealing what the actual data was. Even the smallest change would produce a completely different fingerprint, making silent edits immediately detectable.
Each new event is connected to the one before it. This creates a clear, ordered history where earlier moments are locked in place and cannot be changed without breaking everything that follows.
To stay fast and efficient, events are collected into small groups and sealed together. Each group receives a single shared proof that represents everything inside it. This keeps verification lightweight while preserving a strong guarantee that nothing inside the group was altered or removed.
Proofs created by VMP do not depend on the system that produced them. They can be verified outside the platform, on a different machine, or even after the original system is offline.
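
The fingerprint, chaining and sealing steps described above, shown as an added Python example that is not VMP's own code or proof format. SHA-256, the JSON field names, the salted commitment and the all-zero genesis value are assumptions made for illustration; the signing step is not shown because it needs an asymmetric-signature library.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed marker meaning "no previous event"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def commit(raw: bytes, salt: bytes) -> str:
    # Salted commitment: the record refers to the data without containing it.
    return sha256_hex(salt + raw)

def fingerprint(event: dict) -> str:
    # Canonical JSON so the same event always produces the same fingerprint.
    return sha256_hex(json.dumps(event, sort_keys=True, separators=(",", ":")).encode())

def append_event(chain: list, action: str, timestamp: str, commitment: str) -> dict:
    # Each event carries the fingerprint of the one before it.
    prev = chain[-1]["fingerprint"] if chain else GENESIS
    event = {"action": action, "timestamp": timestamp, "commitment": commitment, "prev": prev}
    record = dict(event, fingerprint=fingerprint(event))
    chain.append(record)
    return record

def seal(chain: list) -> str:
    # One shared proof for the group: a hash over every fingerprint, in order.
    return sha256_hex("".join(r["fingerprint"] for r in chain).encode())

def verify(chain: list, expected_seal: str) -> bool:
    # Needs only the records and the seal, not the system that produced them.
    prev = GENESIS
    for record in chain:
        event = {k: v for k, v in record.items() if k != "fingerprint"}
        if event["prev"] != prev or fingerprint(event) != record["fingerprint"]:
            return False
        prev = record["fingerprint"]
    return seal(chain) == expected_seal

def build_sample():
    # Constructed sample: a memory is saved, updated, then deleted.
    chain, salt = [], b"constructed-salt"
    append_event(chain, "save", "2024-01-01T10:00:00Z", commit(b"user likes tea", salt))
    append_event(chain, "update", "2024-01-02T09:30:00Z", commit(b"user likes coffee", salt))
    append_event(chain, "delete", "2024-01-03T08:15:00Z", commit(b"user likes coffee", salt))
    return chain, seal(chain)
```
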
In most systems, deletion means trusting that something is gone. There is no lasting evidence that forgetting actually occurred.
With VMP, deletion is treated as a first‑class action. When something is removed, the system records a dedicated deletion event and issues a signed deletion receipt.
This receipt can later be used to prove that the system did, in fact, forget.
Timestamped • Recorded • Verifiable
VMP proofs can be checked outside the main system. Not hidden. Not locked. Not controlled by one interface.
If you have the proof, you can verify it.
What is it?
A small desktop app anyone can download.
What does it do?
It lets you open a VMP proof and check if it’s real.
Why does it matter?
You don’t need access to the original AI system. You don’t need special permissions. You don’t even need to be online.
VMP fits into existing systems instead of replacing them.
What are they?
Simple tools developers use to connect their systems to VMP.
What do they do?
They let systems send events to VMP without changing how the system works.
Open Source
SDKs are open and inspectable. They do not expose private data. They are just connectors.
Learn how VMP proofs can be verified independently, step by step.
What the documentation covers
How the desktop verifier and SDKs work, how proofs are structured, and how verification is performed.
What you’ll understand
How integrity checks succeed without access to the original system or any trusted service.
Why verification is reliable
Proofs are self-contained. All data required for verification is included in the proof itself.
VMP is designed to sit alongside existing AI systems. It does not replace your models, databases, or storage. Instead, it adds a shared layer of proof across them.

AI System
Your AI models, agents, and applications continue to decide what to remember, update, or delete. VMP does not change their logic or behavior.

VMP Recording Layer
When a meaningful action happens, the AI system sends a small signal to VMP. This signal contains no raw data. It only describes the action that occurred and the moment it happened.

Proof & Verification Layer
VMP turns those signals into cryptographic proofs. These proofs can be checked later by tools, auditors, or users without access to the original system.
The diagram below shows how information flows through the system. The key idea is that data stays where it is, while proof moves outward.