Inspiration

In the corporate world, data leaks are alarmingly frequent: 88% of breaches stem from human error, costing enterprises an average of $4.88 million per incident in 2025. The rise of AI tools amplifies this: workers increasingly use ChatGPT and similar LLMs to automate tasks, unaware they're uploading sensitive company data to third-party servers. Traditional DLP solutions compound the problem by routing documents to vendor clouds for scanning, creating a security paradox where you're leaking data just to prevent leaks.

What it does

Axiom is a complete, local-first Data Loss Prevention (DLP) ecosystem that prevents sensitive data leakage in real-time. It consists of two native desktop applications:

Axiom Sentry (Employee Agent): A lightweight, glassmorphic desktop app that monitors active windows (Preview, Word, Excel) and clipboard activity. When an employee opens a document, Axiom intercepts it and runs a hybrid detection engine. It flags PII and offers one-click, 100% on-device redaction (e.g., blacking out PDFs or directly patching Office XML files).

Axiom Console (Admin Dashboard): A centralized command center for security teams. It reads from a secure local database to generate live organizational "Exposure Scores," alerting admins to high-risk employees or critical unredacted files in real-time, without ever exposing the actual payload to the network.

How we built it

To make this work offline, we needed a model small enough to run on consumer hardware but smart enough to understand deep context. Google's Gemma 3 4B was the absolute perfect fit.

The Brain (Google Gemma 3): We built a Python inference pipeline using PyTorch and Hugging Face. We use a fast Regex pass for static patterns (like Credit Cards), but we pass the surrounding text chunks to Gemma 3 4B to detect contextual PII. Gemma is incredibly smart at recognizing that "John's passport is X" is highly sensitive, but "I lost my passport" is not.

The Infrastructure: We packaged the entire pipeline into native desktop apps using Tauri 2.0 (Rust + React/TypeScript). This allowed us to build a stunning UI while maintaining system-level access to monitor file paths and clipboard states.

The Redaction Engine: We wrote custom Python scripts utilizing PyMuPDF to draw visual blackout blocks on PDFs, and deep XML manipulation (using zipfile and xml) to patch .docx, .xlsx, and .pptx files from the inside out, removing PII without destroying the file's formatting.

The Database: We used a shared SQLite database (rusqlite) to allow the separate Rust processes (Admin and Employee) to communicate asynchronously and instantly.
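
The .docx patching described under The Redaction Engine, sketched as an added example (not Axiom's own code): it masks a match inside word/document.xml even when Word has split it across several runs, and copies every other package part unchanged. The SSN regex, the function names and the sample document are assumptions constructed for illustration.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
ET.register_namespace("w", W)
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # assumed static pattern (US SSN shape)

def redact_paragraph(p):
    """Mask matches even when Word has split them across several <w:t> runs."""
    nodes = list(p.iter(f"{{{W}}}t"))
    text = "".join(t.text or "" for t in nodes)
    masked, hits = SSN.subn(lambda m: "█" * len(m.group()), text)
    pos = 0
    for t in nodes:  # write back run by run so each run keeps its formatting
        n = len(t.text or "")
        t.text, pos = masked[pos:pos + n], pos + n
    return hits

def redact_docx(data):
    """Return (patched .docx bytes, match count); other parts are copied as-is."""
    out, hits = io.BytesIO(), 0
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            blob = src.read(item)
            if item.filename == "word/document.xml":
                root = ET.fromstring(blob)
                hits = sum(redact_paragraph(p) for p in root.iter(f"{{{W}}}p"))
                blob = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(item, blob)
    return out.getvalue(), hits

def docx_text(data):
    """Concatenated body text, used to verify that nothing sensitive remains."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        root = ET.fromstring(z.read("word/document.xml"))
    return "".join(t.text or "" for t in root.iter(f"{{{W}}}t"))

def sample_docx():
    """Constructed input: one paragraph whose SSN is split across two runs."""
    body = (f'<w:document xmlns:w="{W}"><w:body><w:p>'
            '<w:r><w:t xml:space="preserve">SSN 123-</w:t></w:r>'
            '<w:r><w:t>45-6789 on file</w:t></w:r></w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", body)
    return buf.getvalue()
```

ElementTree renames namespace prefixes it has not been told about, and real Word files refer to prefixes by name (for example in `mc:Ignorable`), so a version meant for real documents needs a prefix-preserving parser. A regex run over each `<w:t>` in isolation would miss the split value in the sample.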

Challenges we ran into

Running LLMs inside Desktop Apps: Getting a 4 Billion parameter LLM to play nicely inside a packaged Tauri desktop application was a massive hurdle. We had to manage Python subprocesses natively from Rust, ensuring the AI inference pipeline didn't block the React UI thread.

The Rust Borrow Checker: We fought hard against the Rust compiler to manage memory safely while passing large blocks of parsed document data between the UI, the SQLite database, and the Python AI process.

Complex File Redaction: Figuring out how to redact .xlsx and .docx files by directly patching their raw XML structure without corrupting the files or breaking embedded charts took immense trial, error, and regex crafting.

Accomplishments that we're proud of

100% On-Device AI Inference: Successfully deploying Google's Gemma 3 4B entirely locally, proving that enterprise-grade AI security doesn't require a cloud API.

Seamless IPC Architecture: Building a beautiful, highly responsive dual-app architecture where the React frontend, Rust backend, Python ML scripts, and SQLite database all communicate in real-time.

Non-Destructive Redaction: Creating a deep redaction engine that permanently strips PII from Office documents while flawlessly preserving their original design and complex formatting.

What we learned

We learned how to orchestrate complex Python machine-learning environments inside strict Rust binaries. We leveled up our understanding of multi-threading, inter-process communication (IPC), and SQLite concurrency. Most importantly, we discovered the incredible power and efficiency of Google's Gemma models for highly specific, instruction-tuned NLP tasks at the edge.

What's next for Axiom

We plan to fine-tune a customized Gemma weights adapter specifically for edge-DLP to make inference even faster and more accurate for obscure legal/financial documents. We also want to expand our OS-level monitoring to support Windows natively, and implement organizational policy controls that actively block the OS from attaching files to emails or Slack messages if Gemma detects unredacted Critical PII inside them.
