Summary. SAIHM (Sovereign AI Horizontal Memory) is an open-source protocol (Apache 2.0) and live reference implementation (npm @saihm/mcp-server) that gives AI users two things current AI vendors do not: portable memory across vendors, and cryptographically verifiable erasure of that memory. Once erasure is invoked, deletion is mathematically infeasible to reverse — even with vendor cooperation.
Why this matters. AI agents are accumulating persistent memory of personal context at unprecedented scale. There is currently no standardised way for a user to move that memory between AI vendors, and no way to prove cryptographically that requested erasure actually happened. Deletion that rests only on a vendor's promise cannot be tested by a regulator. As vendor concentration in AI assistants increases, switching costs grow and the substrate calcifies. The window to standardise an open, portable, verifiably erasable memory layer is open now and closing.
What's already built and live.
- Reference implementation on npm: @saihm/mcp-server — runs in Claude Desktop / Cursor / any Model Context Protocol client
- Cryptographic erasure primitive: HKDF-derived data-encryption-key destruction + tombstone + storage-tier CID blacklist + audit anchor on a public ledger
- IETF Internet-Draft draft-saihm-memory-protocol-00 on the Independent Submission stream
- OpenSSF Best Practices Passing badge (project 12898) — 100% across 64 criteria
- Apache 2.0 license; reproducible build; documented threat-model scaffolding
What this $25,000 grant enables over six months.
1. Formal threat-model artifact — security properties of the erasure primitive specified for named adversary classes (semi-honest vendor, compromised storage tier, colluding regulator + vendor, sophisticated state-level adversary). Public spec; suitable for adoption by AI safety / privacy researchers.
2. Cross-vendor adapter expansion — beyond the current MCP surface to include LangChain, AutoGen, and at least one additional widely-deployed AI-agent framework. Each ships as a separate package with end-to-end tests. Roughly 3× addressable install surface.
3. IETF Internet-Draft progression — version -00 to -02, with the threat-model annex inlined, advancing toward eventual standards-track consideration.
Each deliverable is independently valuable, each ships within six months, each compounds with the others.
Budget breakdown. $25,000 = six months of focused maintainer time at sustainable part-time rates. No subcontractors at this ticket size. Larger grants in the broader pipeline fund subcontracted work (third-party security audit, formal verification, localization).
Twelve-month measurable signals if this grant succeeds.
- Threat-model artifact published and cited by at least one downstream AI safety / governance project
- Cross-vendor adapters live on npm with publicly tracked install velocity
- IETF Internet-Draft progresses to -02 with formal threat-model annex
- At least one external security researcher reviews the threat model and files public commentary
About the maintainer. SAIHM is a sole-maintainer protocol with a track record of shipping. The maintainer authored the IETF Internet-Draft, designed and implemented the cryptographic erasure primitive, published the reference implementation, and earned the OpenSSF Passing badge. Professional background covers years of engineering on commercially-deployed encryption and key-management systems. A sole-maintainer Apache 2.0 project has a decision-velocity advantage over institutional alternatives.
How to verify everything in this proposal. Every claim above is verifiable in public artifacts: npm package install + run; IETF I-D on datatracker.ietf.org; OpenSSF badge on bestpractices.coreinfrastructure.org/projects/12898; reference implementation source under Apache 2.0. No private demos or NDA-gated artifacts required for diligence.