m e m b r n . a i
MemBrain
v0.10.1 · Pre-1.0 · Open source

Your team's AI forgets between sessions. MemBrain gives it one safe, shared brain.

Your team's AI forgets everything between sessions — and leaks context across tools. MemBrain is a drop-in, self-hosted proxy that gives your whole team one safe, shared brain across every AI provider: institutional knowledge injected into every request, PII-rescanned and access-controlled, so nothing touches anyone's SaaS.

Cognitive Functions

Shared memory first — safe by default

Memory injects your team's institutional knowledge into the next prompt. Detection rescans it for PII on the way in; Trust keeps every brain tenant-isolated. One pipeline, one audit trail, self-hosted.

🧠

Memory

A shared knowledge store on pgvector with semantic search and auto-extraction. The next prompt about the same topic gets your team's prior answer injected as context — PII-rescanned on injection — before it reaches the model. Shared across personal, team, and org scopes, not siloed.

πŸ›‘

Detection

25+ PII patterns plus optional ML NER fire on every proxied request, before caching, before logging, before the LLM sees anything — and fail closed under scanner errors. Cache keys and audit logs are scrubbed of detected PII before write.

βš–

Enforcement

Six policy modes — pass, log, alert, redact, block, confirm — with tool-policy fnmatch globs and human-in-the-loop approval for destructive actions. Deliberate, rule-based decisions about what the model is allowed to do.

πŸ”€

Routing

Multi-provider across Anthropic, OpenAI, Claude CLI, Ollama and 100+ LiteLLM models, with tier / cost / privacy-based routing, fallback chains, and exact + semantic response cache. The right request to the right model.

πŸŒ™

Visibility

An audit log with SHA-256 hash chain, encrypted PII mapping, GDPR export and right-to-erasure, an alert engine (webhook + Slack), and a Prometheus /metrics endpoint. See every AI interaction across your team.

πŸ”’

Trust

Multi-tenant isolation across cache, MCP registry, audit, and knowledge, plus RBAC, OIDC SSO + SCIM, peppered API-key hashing, and atomic key rotation. The shared brain stays each team's own. More →

NEW · Multi-Actor Coordination

Built for human teams and agent fleets

When multiple actors work in the same project — across timezones, across an agent fleet, or both — MemBrain coordinates them. Every chat already flows through; the substrate already knows who's doing what.

πŸ’‘

See what teammates already asked

When you start a chat, MemBrain shows related Q&A from your team in a side card. You decide what to use — nothing is added to the prompt without a click. Detected PII gets redacted to canonical labels before it crosses actors.

πŸͺ

A shared inbox for humans and agents

Agents escalate decisions to a person, hand off long-running work, or flag duplicates — and pick up tasks meant for them without stepping on each other. One Python SDK call to enqueue, claim, or complete.

πŸ“Œ

Pinned threads

Mark a conversation as available for continuation by a teammate or your future self. Auto-surfaced matches redact detected PII; pinning is the path that shares the conversation as-is — the originator opts in by pinning.

πŸ—ΊοΈ

Task coordination + handoff

Declare what files you're touching at checkout. Get a warning if your diff overlaps another in-flight task. On checkin, MemBrain pulls the transcript, extracts a structured summary, and leaves it for the next agent to read before starting related work.

Audit, REST, SDK, and dashboard for all four surfaces — explore the docs →

See It In Action

A dashboard for your team's shared brain

Real-time visibility into the memory, PII detection, and every AI interaction across your team.

MemBrain Dashboard Overview
Overview DashboardRequest metrics, cost tracking, and system health at a glance

Multi-Layer Architecture

Cognition at every level

One brain per scope — personal, team, organization. Shared memory, policy, and PII detection cascade up; the org sets the floor, teams set their own, individuals add their own on top.

πŸ‘€
Personal
πŸ‘₯
Team
πŸ›‘
Organization
πŸ€–
AI Providers
πŸ‘€

Personal brain

Run a MemBrain on your own machine. Detected PII gets redacted at your edge before it reaches a shared brain. You add memory and policies on top of the team defaults.

πŸ‘₯

Team brain

Sales, Engineering, Legal — each team gets its own scoped brain with shared memory, specialized policies, and scoped knowledge. Teams collaborate independently; the org sees the trail.

πŸ›‘

Organization brain

The org-wide floor: PII detection, policy, and budgets enforced across configured teams and personal instances. Designed to keep detected PII from reaching external models — subject to your configured patterns and NER model.

Why MemBrain

How MemBrain compares

Routing and PII redaction are table-stakes — several gateways do them well. None of them give your team shared, governed memory you self-host. We do.

Open Source, Self-Hosted PII Detection / Redaction Multi-Provider Routing Shared Governed Memory Shadow-AI & MCP Coverage
MemBrain Apache 2.0 25+ patterns + ML NER Anthropic, OpenAI, Claude CLI, Ollama, 100+ via LiteLLM PII-rescanned, tenant-isolated Transparent proxy + MCP
LiteLLM Yes Presidio 100+ models
Cloudflare SaaS only DLP AI Gateway Edge only
Portkey Apache 2.0 Guardrails 250+ models Partial (MCP)
Kong OSS core + enterprise Via plugins Via plugins

Comparison based on publicly documented capabilities as of June 2026 — verify current offerings. MemBrain is pre-1.0 (0.10.1) and holds no compliance certifications yet; several listed competitors publish SOC 2 / ISO 27001 attestations — check each vendor's current trust page. Competitor offerings change frequently.

How It Works

Deploy in minutes, not months

Whether you're one developer or an entire organization, MemBrain drops in without code changes.

πŸ‘€

Personal

1

Install and run

docker compose up — your personal MemBrain is running in under 60 seconds.

2

Point your API calls at localhost

Set OPENAI_BASE_URL=http://localhost:8001/v1. Memory, PII detection, and policy enforcement apply to every request routed through the gateway.

3

Your data stays yours

Detected PII gets redacted at your edge before it reaches a shared brain or an external model. You choose what to share.

πŸ›‘

Organization

1

Deploy at the org edge

Docker Compose, Kubernetes, or network proxy mode — fits your existing infrastructure.

2

Route all AI traffic through MemBrain

Org-wide PII detection, policies, and budgets enforced across configured teams.

3

Spin up team brains, enforce, audit

Give Sales, Engineering, and Legal their own brains. Import team memory, review audit logs, export compliance reports. Full visibility across every AI interaction.

Pricing

Start free, scale as you grow

Self-hosted and open core. Pay only for enterprise features.

Community

Free, forever
  • Personal brain (OpenAI, Anthropic, Claude CLI, Ollama)
  • PII detection & redaction (25+ patterns)
  • Real-time dashboard
  • Rate limits & budgets
  • Tool policy enforcement (fnmatch globs)
  • Response caching
  • Memory & semantic recall
  • Full audit trail
  • Prometheus metrics
Get started
Most Popular

Team

$499/mo or $4,990/yr
  • Everything in Community
  • Team queue & multi-agent coordination
  • MCP governance & policy
  • Alerting & webhooks
  • Compliance reports (GDPR, PII summary)
  • Up to 10 seats
  • Email support
Get started

Enterprise

From $24k/yr
  • Everything in Team
  • SSO (OIDC) & SCIM provisioning · SAML coming soon
  • ML NER PII detection (BERT)
  • SIEM export (Splunk, Datadog)
  • Audit-log integrity (hash chain)
  • Vault integration
  • Unlimited seats
  • Dedicated support & SLA
Talk to sales

Add-ons

Γ€ la carte modules for teams that want a single Enterprise feature without the full tier.

  • Shadow AI detection
  • Custom PII patterns
  • Advanced model routing
  • Dedicated deployment review
Talk to us

FAQ

Common questions

Everything you need to know about getting started.

Both are real open-source gateways that route to models and redact PII — Portkey's full gateway is Apache-2.0 with 40+ guardrails, and LiteLLM masks PII with Presidio. They route and redact; neither gives your team shared memory. We do — self-hosted. MemBrain injects your team's prior, PII-rescanned, tenant-isolated knowledge into every request, all under one audit chain.

No. MemBrain works as a drop-in proxy. Point your existing OpenAI or Anthropic SDK at the MemBrain gateway URL. For org-wide protection, deploy at the network level with a DNS override — no code changes, no agent installs, every AI tool covered.

OpenAI, Anthropic, Claude CLI, and Ollama are supported natively. With the optional LiteLLM integration, you get access to 100+ models including Azure OpenAI, Google Gemini, AWS Bedrock, and more.

An LLM forgets everything between sessions, and each teammate's context lives in a different tool. MemBrain gives your whole team one shared brain: a governed memory layer (Memory) that injects institutional knowledge into every request, rescanned for PII on the way in (Detection) and kept tenant-isolated (Trust). The logo is a brain because the memory is the point — self-hosted, so it stays yours.

Yes. The Community tier is free forever and includes the core proxy, PII detection, dashboard, rate limits, budgets, caching, and full audit trail. Enterprise features require a license.

The community core is open source under Apache 2.0 and free to self-host. Paid tiers add enterprise features — SSO/SCIM, team queue, and advanced detection. No waitlist, no trial clock.

Give your team one safe, shared brain

Open source under Apache 2.0. Self-host it in minutes.

Get started View Documentation