Inspiration
We are living in an era where the tools capable of curing diseases are the same ones that risk exposing the patients they treat. In healthcare and biotech, AI has reached a stalemate: the more powerful the model, the higher the risk of a catastrophic data breach. Data breaches are that much more frequent and costly because of AI. 20% of data breaches involve AI, amounting to a $22B loss due to leaked data. We believe that privacy shouldn't be the enemy of progress. As part of market research undertaken at our startup, Armature Labs, we realised the significance of the 'Innovation Paradox': the reality that the most sensitive industries are the ones that need AI the most, yet are the least able to use it safely. By building an automated, real-time compliance layer, we aren't just redacting data; we are unlocking the ability for scientists to innovate at the speed of AI without ever compromising the human beings behind the data.
What it does
You upload your documents to a local application powered by an onsite LLM. Here you can view your documents, automatically redact them for compliance, and export them. However, our redactor tool doesn't just follow HIPAA; it beats the number one threat: AI Data Scrapers. We use an adversarial system where our Redactor Agent and our Data Cracker Agent compete to ensure that our Redactor Agent can beat even the toughest AI Data Scrapers, ensuring future-proof data security. We also use Semantic Abstraction instead of full redaction to retain context for insights without compromising privacy.
How we built it
We used LangGraph and Python to create three agents: a Redactor, a Scraper, and a Supervisor agent. We generated a simulated database of medical documents using the Gemini API. Our backend works using adversarial reinforcement learning and self-adapting agents to constantly improve the Redactor and the Scraper to compete, producing the best Redactor that can beat the best Scraper. Our adaptation and training pipeline works like this:
- The Redactor attempts to redact using Semantic Abstraction with cosine-similar vectors using gemini-2.5-pro, and sends its redacted document to the Scraper.
- The Scraper attempts to retrieve sensitive data using gemini-2.5-flash for faster inference.
- If the Scraper gets data that the Redactor failed to redact, the Redactor is given a Q-Score of 0; otherwise, the Q-Score is a 70/30 convex combination between its performance on privacy (how secure the surrogate data was) and Utility (the amount of context retained and the minimum it needed to redact, calculated using cosine similarity via all-MiniLM-L6-v2). The goal is to maintain the privacy score while minimising how much information is redacted. The Q-Score and Utility Score are on a sliding exponential scale, less weighted at the beginning when it is fine for the agent to over-redact for privacy, and becoming more aggressive as we meet privacy goals and optimise for Utility.
- The Q-Score, along with a reflection from both agents, is fed into a supervisor agent that generates a findings summary of each agent's prompt.
- The supervisor then uses the GEPA (Genetic-Pareto Algorithm) to synthesise new prompts for both agents based on the agents' current prompts, prompt histories, Q-Scores, U-Scores, P-Scores, and findings summaries.
- The Genetic-Pareto Algorithm iteratively improves LLM prompts by generating natural-language reflections from execution traces and selecting non-dominated variants using Pareto optimisation, producing better results than single-reward reinforcement learning.
- The supervisor implements these new prompts and starts the new evolved agents.
- The cycle then repeats with the evolved agents. We utilise mem0, dspy, and gemini-embedding-001 for space-efficient git-like agent prompt history to allow for reversion to prior, more successful prompts.
- This dynamic agent improvement training continues until the Redactor reaches a 95% Q-Score. Additional training on a variety of data improves the zero-shot and few-shot performances of the agentic framework.
- This is integrated with a beautifully styled React frontend that allows for seamless user interaction with easy file upload and redaction, utilising live markdown rendering and a terminal to effectively demonstrate all aspects of our novel backend and agentic framework through a websocket that shows the actions and thoughts of the agent through real-time streaming.
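An added illustration, not the team's code: the Q-Score gate from the steps above and the non-dominated selection that GEPA relies on, in Python. Assumptions: the 70 in 70/30 weights privacy, the privacy score arrives as a number in [0, 1], a bag-of-words cosine stands in for all-MiniLM-L6-v2 embeddings, and the sliding exponential schedule is left out; every name and sample string is constructed.

```python
import math
import re
from collections import Counter

W_PRIVACY, W_UTILITY = 0.7, 0.3  # assumption: the "70" in 70/30 weights privacy

def cosine(a: str, b: str) -> float:
    """Bag-of-words cosine similarity (stand-in for MiniLM embeddings)."""
    va, vb = (Counter(re.findall(r"[a-z0-9]+", t.lower())) for t in (a, b))
    dot = sum(va[t] * vb[t] for t in va)
    norm = math.sqrt(sum(v * v for v in va.values())) * \
           math.sqrt(sum(v * v for v in vb.values()))
    return dot / norm if norm else 0.0

def q_score(original, redacted, sensitive, recovered, privacy):
    """0 if the Scraper recovered any sensitive value, else 0.7*P + 0.3*U."""
    leaked = {s.lower() for s in sensitive} & {r.lower() for r in recovered}
    if leaked:
        return 0.0
    return W_PRIVACY * privacy + W_UTILITY * cosine(original, redacted)

def pareto_front(variants):
    """Names of (name, P, U) prompt variants that no other variant dominates."""
    return [n for n, p, u in variants
            if not any(p2 >= p and u2 >= u and (p2 > p or u2 > u)
                       for _, p2, u2 in variants)]

# Constructed sample data (not from the project's dataset).
ORIGINAL = "Patient John Smith, 54, was diagnosed with type 2 diabetes at Mercy Hospital."
ABSTRACTED = "Patient [adult male], 54, was diagnosed with type 2 diabetes at [regional hospital]."
BLANKED = "Patient [REDACTED], [REDACTED], was diagnosed with [REDACTED] at [REDACTED]."
SENSITIVE = ["John Smith", "Mercy Hospital"]
VARIANTS = [("v1", 0.95, 0.30), ("v2", 0.90, 0.77), ("v3", 0.85, 0.70), ("v4", 0.95, 0.25)]

if __name__ == "__main__":
    print(q_score(ORIGINAL, ABSTRACTED, SENSITIVE, [], 0.9))              # abstraction
    print(q_score(ORIGINAL, BLANKED, SENSITIVE, [], 0.9))                 # full redaction
    print(q_score(ORIGINAL, ABSTRACTED, SENSITIVE, ["john smith"], 0.9))  # leak
    print(pareto_front(VARIANTS))
```

At equal privacy, the abstracted text scores higher than the blanked one because it keeps more of the original context, and the Pareto front retains the high-privacy variant that a single scalar reward would discard in favour of the best Q-Score.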
Challenges we ran into
Zero-Shot Learning proved to be a challenge, as the agents struggled to handle financial data when they had only trained on medical data. This is because the types of prompts and the specificity needed regarding what exact data must be redacted vary from industry to industry. Thankfully, this was redeemed by the quick learning of the agents from a few training examples. We also had difficulty implementing Ruby on Rails for the frontend because of its frontend-backend package, which conflicted with our requirement to have a Python backend due to LangGraph, resulting in a quick pivot to utilize Ruby in conjunction with tailwindcss and a middleman Ruby Server. Finally, we all struggled to parallelise tasks among the team. However, it helped to play to our strengths when dividing tasks. Alex is great at frontend development, Nathan has prior experience with LangGraph, and Josh is goated with Data and Machine Learning. When one of us was blocked by another's changes, we found ways to be productive, like exploring new aspects of the project, such as creating branding and a mini demo page on Lovable, or using Miro for pitch brainstorming.
Accomplishments that we're proud of
We are proud of implementing a novel way to automatically evolve agents utilising GEPA, an algorithm only developed in late 2025, and an adversarial agent reinforcement combination, providing great few-shot results in our final redactor model. We solved a critical growing issue regarding AI scrapers and unauthorized AI data entry for some of the world's most important data and companies, without reducing the benefits that can be gained using AI insights.
What we learned
We learned new languages (Ruby on Rails), new frameworks like LangGraph, skills like system prompting, and algorithmically complex topics like GEPA, adversarial reinforcement learning, vector embeddings, and cosine similarity. We also used our prior skills in React development, university coursework, and our passion for startups and building something quick to understand how best to make self-adapting agentic frameworks that help make the world a safer, more secure place.
What's next for BlackwallAI
We will be the compliance layer for all data, starting with documents and healthcare. We plan to leverage Gemini's multimodal capabilities to develop new techniques to obfuscate photos, audio, handwriting, and more to protect people's faces, images, handwriting, and voices from AI forgery and scraping. We will utilize this multi-data compliance layer to protect all company data from AI scrapers and automatically make data compliant for communication with internal departments, external companies, and for use with external AI providers for insights.
Built With
- dspy
- elevenlabs
- fastapi
- gemini
- git
- github
- langgraph
- llm
- lovable
- mem0
- paid
- python
- ruby-on-rails
- stripe
- typescript
- websockets
- zed