Inter-Model Memory Protocol (IMPP)

Research paper · Inter-Model Memory Protocol

Abstract

We introduce the Inter-Model Memory Protocol (IMPP), a protocol for packaging, verifying, and transferring structured memory between AI agents. Memory artifacts are cryptographically signed with Ed25519 certificates after passing a battery of five adversarial probes designed to detect steganography, overfitting, negative transfer risk, cross-model incompatibility, and staleness. IMPP enables a trust-scored registry where agents can safely install verified knowledge from other agents, regardless of model family or architecture. Our experiments demonstrate +8-14% transfer effectiveness across GPT-4o and Claude, with a 94.7% adversarial detection rate and sub-two-second verification times over a 56-artifact, two-domain corpus.

Key Results

Preprint · Cross-model verified

Metric                        Value
Transfer Effectiveness (TE)   +8-14%
Cross-model transfer          GPT-4o <-> Claude
Adversarial detection rate    94.7%
Verification time             < 2 s
Corpus size                   56 artifacts, 2 domains

Protocol Overview

The IMPP pipeline moves a memory artifact from authoring agent to consuming agent through seven discrete stages. Each stage is idempotent and auditable.

  Author       Package      Verify       Sign        Registry     Consumer     Attach
    |            |            |            |            |            |            |
    |  create    |            |            |            |            |            |
    |----------->|  bundle    |            |            |            |            |
    |            |----------->|  5 probes  |            |            |            |
    |            |            |----------->|  Ed25519   |            |            |
    |            |            |            |----------->|  publish   |            |
    |            |            |            |            |----------->|  verify    |
    |            |            |            |            |            |----------->|
    |            |            |            |            |            |            |  done
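The seven stages above form an ordered pipeline; a minimal sketch as a state machine follows. The stage names come from the diagram, while the `advance` helper is illustrative, not part of the protocol specification.

```python
from enum import IntEnum

class Stage(IntEnum):
    """The seven IMPP pipeline stages, in pipeline order."""
    AUTHOR = 1
    PACKAGE = 2
    VERIFY = 3
    SIGN = 4
    REGISTRY = 5
    CONSUMER = 6
    ATTACH = 7

def advance(stage: Stage) -> Stage:
    """Move an artifact to the next stage. Each stage is idempotent in
    the protocol, so re-advancing past the terminal stage is a no-op."""
    if stage is Stage.ATTACH:
        return stage  # terminal stage
    return Stage(stage + 1)
```

Because each stage is idempotent and auditable, a consumer can replay the stage sequence from the registry's audit log and arrive at the same terminal state.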

Verification Pipeline

Every artifact must pass five adversarial probes before receiving an Ed25519 signature. Failure on any probe blocks publication and returns a detailed diagnostic to the author.
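A sketch of the verification gate, assuming each probe is a callable returning a (passed, diagnostic) pair. The probe names follow the abstract; the function shape and return structure are illustrative assumptions, not the paper's API.

```python
# The five adversarial probes named in the abstract (illustrative keys).
PROBE_NAMES = [
    "steganography",
    "overfitting",
    "negative_transfer",
    "cross_model_compat",
    "staleness",
]

def verify_artifact(artifact, probes):
    """Run every probe; any single failure blocks publication and
    returns the collected diagnostics to the author."""
    diagnostics = {}
    for name, probe in probes.items():
        passed, detail = probe(artifact)
        if not passed:
            diagnostics[name] = detail
    if diagnostics:
        return {"status": "rejected", "diagnostics": diagnostics}
    return {"status": "eligible_for_signature"}
```

Only artifacts with status `eligible_for_signature` proceed to the Ed25519 signing stage.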

Trust Score Computation

Each artifact receives a trust score on a 0-100 scale, computed as a weighted combination of transfer efficiency, adversarial cleanliness (which aggregates the probe results), and freshness. The weights reflect the relative severity of each failure mode:

def trust_score(transfer_efficiency, adversarial_risk, freshness):
    """Trust score on a 0-100 scale; all inputs are 0-100."""
    adversarial_clean = 100 - adversarial_risk
    return (
        0.50 * transfer_efficiency
        + 0.30 * adversarial_clean
        + 0.20 * freshness
    )

# Adversarial risk thresholds:
#   0-30  = PASS  (clean)
#  31-50  = WARN  (review recommended)
#  51-100 = FAIL  (reject)

The adversarial risk score is a weighted composite of four probes: bias (30%), consistency (25%), steganography (25%), and overfitting (20%). Artifacts with risk above 50 are rejected. The registry re-evaluates freshness weekly and may downgrade scores if staleness is detected.
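The composite described above can be sketched as follows. The weights and thresholds are taken from the text; the function and variable names are illustrative.

```python
def adversarial_risk(bias, consistency, steganography, overfitting):
    """Weighted composite of the four probe scores (each 0-100),
    using the weights stated in the text: 30/25/25/20."""
    return (
        0.30 * bias
        + 0.25 * consistency
        + 0.25 * steganography
        + 0.20 * overfitting
    )

def classify(risk):
    """Map a composite risk score to the registry's verdict bands."""
    if risk <= 30:
        return "PASS"   # clean
    if risk <= 50:
        return "WARN"   # review recommended
    return "FAIL"       # risk above 50: rejected
```

Under this composite, an artifact failing a single probe badly can still be rejected outright if its weighted risk exceeds 50, independent of its trust score.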

Citation