Your AI's memory can be fed false information, which it then repeats as if it's true. Hardin Memory throws out the fakes, learns safely, keeps up when the truth really changes, and signs every decision so it's provable. One simple API.
Normal AI memory is like a notebook anyone can scribble in — including liars. Hardin Memory is a notebook where every entry is signed and sealed, so a forged page gets spotted and torn out automatically. And you can show anyone — a customer, a regulator — that the whole notebook is genuine.
Authoritative facts — refunds, entitlements, orders — are cryptographically signed and tamper-evident, and only verified systems can write them. Your AI's real decisions trust only these.
Contradictory or forged writes are detected and thrown out on the spot. Nobody can repeat a lie often enough to teach it to your agent.
Facts, preferences, and learned policy are kept in separate stores. The agent can be personal and adaptive without ever being tricked into granting a right.
It improves from real outcomes — adopting safe preferences on its own and proposing new rules. But a human must approve any rule. No silent self-rewrite.
Facts can change. A later verified event — a reversed refund, a lapsed subscription — updates the truth, while the full signed history is kept and auditable.
Every decision comes with a signed receipt naming the exact fact it relied on — independently verifiable by anyone, with no API key.
One call returns a single tamper-proof fingerprint proving the whole memory is intact — evidence you can hand a customer or a regulator.
Each account has its own isolated store. Your data never mixes with anyone else's. One API call; all the hardening runs underneath.
curl -X POST https://memory.hardinai.co.uk/v1/memory/remember \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"text": "Customer prefers email over phone.", "kind": "fact", "source": "crm"}'
curl -X POST https://memory.hardinai.co.uk/v1/memory/recall \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"query": "how does the customer like to be contacted?", "k": 3}'
curl https://memory.hardinai.co.uk/v1/memory/audit \
-H "Authorization: Bearer YOUR_API_KEY"
# → { "verdict": "INTACT", "valid_signatures": "N/N", ... }
A single zero-dependency Python file. Copy it in and you're done.
from hardin_memory import HardinMemory
mem = HardinMemory("YOUR_API_KEY")
mem.remember("Customer prefers email over phone.", kind="fact", source="crm")
hits = mem.recall("how does the customer like to be contacted?")
proof = mem.audit() # {"verdict": "INTACT", ...}
⬇ Download The Python Client
fetch("https://memory.hardinai.co.uk/v1/memory/recall", {
method: "POST",
headers: { "Authorization": "Bearer YOUR_API_KEY",
"Content-Type": "application/json" },
body: JSON.stringify({ query: "what do we know about this customer?", k: 3 })
}).then(r => r.json()).then(console.log);
An agent that learns into the same memory it trusts can be taught a lie. Hardin Memory splits memory into three tiers with different trust levels, so personalization and learning can never grant a right or rewrite a fact. Integrity decisions read only Tier 1; adaptivity lives in Tiers 2 and 3.
▶ Watch the live support-bot demo
# Record a fact from a VERIFIED system event (never from user text or inference)
curl -X POST https://memory.hardinai.co.uk/v1/memory/facts \
-H "Authorization: Bearer YOUR_API_KEY" -H "Content-Type: application/json" \
-d '{"fact_type":"entitlement","subject":"cust-1",
"data":{"entitlement":"premium","granted":true},
"source":"stripe:invoice.paid"}'
# Ask the question that matters — reads Tier-1 only, fails closed
curl "https://memory.hardinai.co.uk/v1/memory/entitlement?subject=cust-1&entitlement=premium" \
-H "Authorization: Bearer YOUR_API_KEY"
# -> { "granted": true, "source": "tier1_signed_fact" }
curl -X PUT https://memory.hardinai.co.uk/v1/memory/preferences \
-H "Authorization: Bearer YOUR_API_KEY" -H "Content-Type: application/json" \
-d '{"key":"tone","value":"friendly"}'
# Entitlement-shaped keys are refused — a preference can never become a fact of record.
# Learning may only PROPOSE — the proposal is inert until approved
curl -X POST https://memory.hardinai.co.uk/v1/memory/policy/propose \
-H "Authorization: Bearer YOUR_API_KEY" -H "Content-Type: application/json" \
-d '{"name":"escalate_angry","rule":{"if":"sentiment=angry","then":"route=human"}}'
# A human / governance step activates it (and it is signed on approval)
curl -X POST https://memory.hardinai.co.uk/v1/memory/policy/approve \
-H "Authorization: Bearer YOUR_API_KEY" -H "Content-Type: application/json" \
-d '{"proposal_id":"pol_...","approver":"you@company.com"}'
curl "https://memory.hardinai.co.uk/v1/memory/decide?subject=cust-1&entitlement=premium" \
-H "Authorization: Bearer YOUR_API_KEY"
# -> { "granted": true, "decision_source": "tier1_signed_fact",
# "personalisation": { "tone": "friendly", "language": "en" },
# "active_policies": ["escalate_angry"] }
# Tag what happened (low-trust signal; never trusted for a decision)
curl -X POST https://memory.hardinai.co.uk/v1/memory/feedback \
-H "Authorization: Bearer YOUR_API_KEY" -H "Content-Type: application/json" \
-d '{"subject":"cust-1","decision":"reply","outcome":"resolved",
"signal":{"pref":{"channel":"email"}}}'
# Run the learner: adopt consistent prefs (Tier 2) + PROPOSE policies (Tier 3, gated)
curl -X POST https://memory.hardinai.co.uk/v1/memory/learn \
-H "Authorization: Bearer YOUR_API_KEY" -H "Content-Type: application/json" \
-d '{"min_support":3}'
# -> { "prefs_learned":[{"subject":"cust-1","key":"channel","value":"email"}],
# "policies_proposed":[{"name":"escalate_billing"}] } # proposals are INERT until approved
# The learned, per-user profile (safe to personalise with — never an entitlement)
curl "https://memory.hardinai.co.uk/v1/memory/profile?subject=cust-1" \
-H "Authorization: Bearer YOUR_API_KEY"
Python client adds: record_fact, get_facts, check_entitlement, facts_audit, set_preference, get_preferences, propose_policy, approve_policy, active_policies, decide, record_outcome, learn, profile.
Q. Why not just connect my agent to my own database?
For a low-stakes internal tool, you can. But your own database has three problems for an AI agent. (1) It can be changed silently — a bug, a rogue admin, or a stolen password can alter a record and leave no proof. (2) A direct connection usually gives the agent write access, so a tricked agent can write or act on a lie. (3) You can't prove your own innocence — no regulator, insurer, or customer in a dispute trusts "our own logs say we did nothing wrong." Our records are signed with our key, not yours, so "nobody quietly edited this" is provable to an outsider. You can't be your own notary.
Q. Where does the data come from — do I upload files?
Your existing systems write it automatically. Connect your real source of truth once — your Stripe webhook, your orders database, your CRM — and the moment a real event happens (a refund succeeds, an order ships) it writes a sealed fact into your box. No human types it. Your agent only ever reads from the box. We're the bridge: your systems fill it, your agent consults it.
Q. Can someone trick my agent through the chat?
No. Facts only enter through your verified systems — never through conversation. A customer can repeat "I never got my refund" fifty times and nothing changes. See it happen in the live demo.
Q. Does this stop my AI from hallucinating?
Not in general — free-text hallucination is the model's job to manage. What we remove is the need to guess the facts that matter. Instead of inventing "did this customer get their refund?", your agent asks us and gets a verified, signed answer. And because every decision carries a receipt naming the exact fact it used, you can pinpoint precisely what went wrong if it ever does. We don't make your AI smarter — we make it trustworthy and accountable.
Q. What exactly do you guarantee?
Provenance, integrity, and proof — that a fact came from your authorised system, hasn't been altered, reflects the latest truth (later verified events can revoke older ones), and that every decision is independently verifiable. We're a notary, not a detective: we don't decide what's true, your systems do. We make it impossible to fake and easy to prove.
Q. What if someone keeps asking the same thing to wear my agent down?
It makes no difference. A normal AI drifts under pressure — ask it enough times, push hard enough, and it eventually gives in and agrees. Ours can't, because the answer doesn't come from the conversation or the model's mood — it comes from a sealed fact. The 50th answer is identical to the first, and signed. Repetition has zero effect, so an attacker can't grind a fabricated lie into the truth. And every repeated attempt is logged, so you can see exactly who's trying to game your agent.
Q. Does this work for multi-agent systems?
That's where it becomes essential. When multiple agents work together (billing, support, shipping), they need to share facts — and the moment one agent tells another "the customer paid," a new problem appears: how does the second agent know the first isn't lying or hasn't been tricked? Without trusted memory, a poisoned fact in one agent quietly spreads to all of them. With Hardin Memory, agents don't trust each other — they all read from the same sealed box. No gossip, no poisoning, one source of truth for all of them. Every agent gets a signed receipt for every decision, so you can trace exactly which fact each one relied on.
Q. Do I have to adopt your whole platform?
No. Start with memory in about ten minutes — one API key, a few lines of code. Later, when you need to prove trust to a third party (an auditor, an enterprise client, a regulator), add TBN certification. Land first, expand only when you need it.
For building and testing.
For production. Card on file, no upfront charge — pay only for what you use.
Hardin AI builds hardened trust infrastructure for AI. Hardin Memory is our first product: memory that can't be poisoned and can be proven clean. It's powered by our underlying TBN trust engine, which signs and governs every operation. We already run it on our own products, so it's battle-tested before it reaches you.
10,000 operations a month, free. Three lines of code. Lies can't get in.