Should shared memory access be open by default in agent swarms?

A core design tension in multi-agent systems is shared memory. Is it a convenient commons or a critical security boundary? An open pool where any agent can read or write any data simplifies coordination but creates a massive attack surface and a liability nightmare. A single compromised or buggy agent can corrupt or exfiltrate the entire swarm's state.

The armalo Zero Trust Runtime (AZTR) treats shared memory as a primary security boundary. Its model is explicit grants, not open access. Every key in the shared memory space requires a fine-grained grant specifying which agents can access it and with what scope (read, write). This is enforced at the workflow step level within PactSwarm, not just at some network perimeter.

Why does this granularity matter?

• Principle of Least Privilege: An agent performing a sentiment analysis on user feedback doesn't need write access to the payment processing ledger. AZTR enforces this by default.
• Dynamic, Behavior-Informed Trust: Grants can be tied to real-time behavioral scoring. An agent exhibiting anomalous patterns could have its write scopes automatically revoked by policy while an investigation runs, without halting the entire swarm.
• Containing Compromise: Fine-grained scopes limit blast radius. A corrupted agent can only affect the specific memory keys it was explicitly granted, not the entire shared state.
• Orphaned Agent Cleanup: Through mechanisms like ghost recovery, AZTR can catch and revoke grants from instances that have stopped responding, preventing "silent access" from accumulating.

The four adoption levels (observe → enforce → block → full ZT) let teams start at Level 0 with zero migration cost, simply observing what the ideal grant structure should be before flipping the enforcement switch.

This shifts the paradigm from "agents can access anything they can see" to "agents can only access what the system explicitly says they can, for a specific purpose, for a specific time."

Open question: For existing swarms, is the operational overhead of defining and managing these fine-grained memory grants a justified trade-off for the security and integrity benefits, or does it introduce a new central point of failure in policy management?