Agent Scratchpad (Memory State)

Definition

A temporary memory storage mechanism (often a text, markdown, or JSON file) used by autonomous AI agents to overcome context window limits during long, multi-step tasks. In a ReAct (Reason + Act) loop, the agent reads and writes its thoughts, observations, and current progress to this scratchpad to avoid forgetting previous steps.

Why It Matters

Developers frequently treat scratchpads as reliable system state, but they are highly vulnerable. A text file can easily be corrupted by agent hallucination, injected with malicious prompts from retrieved data, or degraded by semantic context drift. Executing production infrastructure actions based solely on an easily manipulated scratchpad is a massive security risk.

How Exogram Addresses This

Exogram completely ignores the agent's internal scratchpad. Instead, Exogram independently verifies the actual system state via state hashing (TOCTOU prevention) and records the execution in a cryptographically immutable ledger. Agents track thoughts using scratchpads; Exogram enforces truth using verified states and ledgers.
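The pattern described above, sketched as an added example (not Exogram's code or API): the gate hashes the real system state when an action is approved, re-reads and re-hashes it at execution time, and logs the decision to a hash-chained ledger. All names (`state_hash`, `Ledger`, `guarded_execute`, the `infra` fields) are hypothetical and the state is constructed sample data.

```python
import hashlib, json

def state_hash(state: dict) -> str:
    """Canonical SHA-256 of a state snapshot (sorted keys, no whitespace)."""
    blob = json.dumps(state, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

class Ledger:
    """Append-only log; each entry commits to the previous entry's hash."""
    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    def append(self, record: dict) -> dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else self.GENESIS
        body = {"prev": prev, "record": record}
        entry = dict(body, entry_hash=state_hash(body))
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """Recompute the chain; any edited or reordered entry breaks it."""
        prev = self.GENESIS
        for e in self.entries:
            body = {"prev": e["prev"], "record": e["record"]}
            if e["prev"] != prev or e["entry_hash"] != state_hash(body):
                return False
            prev = e["entry_hash"]
        return True

def guarded_execute(action, approved_hash, read_state, apply, ledger):
    """Re-read real state at execution time; act only if it matches approval."""
    observed = state_hash(read_state())
    allowed = observed == approved_hash
    if allowed:
        apply(action)
    ledger.append({"action": action, "approved": approved_hash,
                   "observed": observed, "executed": allowed})
    return allowed

def demo():
    infra = {"db_replicas": 3, "maintenance_mode": False}  # constructed sample state
    scratchpad = "Observation: maintenance_mode is True"   # stale or injected; never consulted
    ledger = Ledger()
    approved = state_hash(infra)  # hash captured when the action was approved
    apply = lambda a: infra.update(db_replicas=infra["db_replicas"] - 1)
    first = guarded_execute("scale_down", approved, lambda: dict(infra), apply, ledger)
    second = guarded_execute("scale_down", approved, lambda: dict(infra), apply, ledger)
    return first, second, infra["db_replicas"], ledger
```

The second call is refused because the first one changed the state the approval was bound to. In a real system the compare and the action must be atomic (a lock, a conditional write, or a resource-version precondition), otherwise a gap remains between check and use.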


Production Risk Level: medium severity

Key Takeaways

  • This concept is part of the broader AI governance landscape
  • Production AI requires multiple layers of protection
  • Deterministic enforcement provides zero-error-rate guarantees
