Preview: what's below?
- New algorithm for invisible facial encryption: the image looks identical to humans but is catastrophic to generative models, tested and tuned with Runpod
- Complex multi-agent orchestration, featuring local agents on the DGX Spark (Nemotron) collaborating with the Claude Agent SDK for data-secure, high-reasoning tasks
- Multi-agent feedback loops, using the OpenAI API to enable agent self-verification
- Bright Data for complex web scraping tasks (tracking your identity across the web)
Overview
As the misuse of AI-generated media and data collection rapidly rises, individuals and organizations need a way to benefit from powerful models while keeping their identity and sensitive data under their own control. Cena is an invisible companion that travels the web with you and safeguards your digital identity. It does this as an embedded platform on your desktop consisting of 3 main features:
- Personal image protection: encrypt your photos before you post them so they look normal to people but cannot be used by AI models to analyze your face or generate impersonations; the encryption strength is tuned with an agent feedback loop.
- Safeguarding personal data: a local-remote agent system intelligently de-references personal and sensitive identifiers in your LLM prompts and uploaded files before sending them to cloud AI models, ensuring utility without giving up raw personal information.
- Deepfake monitoring: scans the web for images and videos of your likeness and alerts you of likely AI impersonations.
Inspiration
While the capabilities of AI assistants have expanded rapidly over the past few years, a tradeoff has emerged for users between the value these assistants provide and the personal security risks that come with sharing sensitive data. What if we could ensure individual data security while still getting the same high-level chatbot utility?
Enter Cena.
Our inspiration for Cena originated from the exponential growth of the threat of deepfakes and personal data leakages. These threats can affect anyone, at any time. Recently, deepfakes of public images have been exploited for blackmail, slander, and the nonconsensual production of sexual content. In fact, deepfake fraud attempts have surged by over 3,000% annually in recent years. Over the past two years, the number of deepfakes online has increased 16-fold. As AI models grow in capability and become easier to access, these effects will become all the more ubiquitous.
When using LLMs, many people worry that the personal details they share can be stored or reused in future model training beyond their control, especially in settings such as HIPAA-regulated healthcare, legal and financial work, and internal company workflows. There has been a 57% increase in AI-driven attacks on user information within the last year. Additionally, 81% of users believe that information collected by AI companies will be used in ways they are uncomfortable with.
What Cena Does
1. Encrypting your digital likeness to protect against deepfake generation.
- Applies undetectable transformations to images: the result seems identical to the human eye, but generating convincing deepfakes from it becomes impossible.
- Builds on image-processing techniques that perturb the pixel distributions of existing facial images. The protection survives workarounds such as screenshotting, cropping and changing the resolution.
Workflow of the encryptor, generator and evaluator working in tandem to provide maximal security on input images.
2. Running multi-agent feedback loops before releasing images into the wild for maximum security.
- Coordinates a triple-agent model: 1) encryptor, 2) generator, 3) evaluator.
- The encryptor runs the algorithm described above to encrypt an image of a face; the encrypted image looks identical to the original to the human eye.
- This encrypted image is then passed to the locally-hosted generator, which attempts to generate deepfakes from this image.
- These deepfakes are passed to the evaluator, which determines how realistic they are. If the generated deepfakes are judged convincing above a threshold, the encryption algorithm is re-run on the already-encrypted image. This process repeats until a sufficiently encrypted image is obtained.
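Added example (not Cena's own code): a toy NumPy version of the encryptor/generator/evaluator loop described above. It assumes a random linear map as a stand-in for the generator's image encoder, and it approximates "how convincing the deepfake is" by how little the encoding of the protected image has drifted from the original (low drift means the identity is still usable, so encryption is re-run). The encryptor is projected gradient descent (PGD) under an L-infinity budget of 8/255 per pixel, which keeps the change imperceptible; the face image, the encoder and the drift threshold are all constructed for the demo.

```python
# Added example, not Cena's own code: a toy NumPy version of the
# encryptor -> generator -> evaluator loop. Assumptions: a random linear map
# stands in for the generator's image encoder, and "how convincing the deepfake
# is" is approximated by how little the encoding of the protected image drifts
# from the original (low drift = identity still usable = keep encrypting).
import numpy as np

EPS = 8 / 255          # L-infinity budget per pixel; invisible at this size
STEP = EPS / 4         # PGD step size
STEPS_PER_ROUND = 10   # PGD iterations per encryptor pass
rng = np.random.default_rng(0)


class ToyEncoder:
    """Linear stand-in for a model's image encoder: e(x) = W (x - 0.5)."""

    def __init__(self, n_pixels, n_features):
        self.W = rng.standard_normal((n_features, n_pixels))

    def embed(self, image):
        return self.W @ (image.ravel() - 0.5)

    def drift_gradient(self, delta):
        # d/d(delta) of ||e(x + delta) - e(x)||^2 = ||W delta||^2
        return (2 * self.W.T @ (self.W @ delta.ravel())).reshape(delta.shape)


def evaluate(encoder, original, protected):
    """Evaluator stand-in: relative drift of the encoding. Higher means the
    generator sees less of the original identity."""
    e0 = encoder.embed(original)
    return float(np.linalg.norm(encoder.embed(protected) - e0) / np.linalg.norm(e0))


def encrypt_round(encoder, original, delta, eps=EPS, step=STEP, steps=STEPS_PER_ROUND):
    """One encryptor pass: sign-gradient ascent on the drift objective, projected
    so that |delta| <= eps per pixel and original + delta stays a valid image."""
    for _ in range(steps):
        delta = delta + step * np.sign(encoder.drift_gradient(delta))
        delta = np.clip(delta, -eps, eps)
        delta = np.clip(original + delta, 0.0, 1.0) - original
    return delta


def psnr_db(a, b):
    """Peak signal-to-noise ratio in dB for images in [0, 1]; ~30 dB or more at eps = 8/255."""
    mse = float(np.mean((a - b) ** 2))
    return float("inf") if mse == 0.0 else float(10 * np.log10(1.0 / mse))


def protect(encoder, original, threshold=0.25, max_rounds=5, eps=EPS):
    """Feedback loop: encrypt, evaluate, and re-encrypt the already-encrypted
    image until the evaluator is satisfied or the round budget runs out."""
    # PGD starts from a random point inside the eps-ball: at delta = 0 the gradient is zero
    delta = rng.uniform(-eps, eps, size=original.shape)
    delta = np.clip(original + delta, 0.0, 1.0) - original
    start_drift = drift = evaluate(encoder, original, original + delta)
    rounds = 0
    while rounds < max_rounds and drift < threshold:
        delta = encrypt_round(encoder, original, delta, eps=eps)
        drift = evaluate(encoder, original, original + delta)
        rounds += 1
    protected = original + delta
    return {
        "image": protected,
        "rounds": rounds,
        "start_drift": start_drift,
        "drift": drift,
        "protected": drift >= threshold,
        "linf": float(np.abs(protected - original).max()),
        "psnr_db": psnr_db(original, protected),
    }


# Constructed 8x8 grayscale stand-in for a face photo (values in [0.2, 0.8]).
FACE = rng.uniform(0.2, 0.8, size=(8, 8))
ENCODER = ToyEncoder(n_pixels=FACE.size, n_features=16)

if __name__ == "__main__":
    result = protect(ENCODER, FACE)
    print(f"rounds={result['rounds']} drift {result['start_drift']:.3f} -> {result['drift']:.3f} "
          f"protected={result['protected']} linf={result['linf']:.4f} psnr={result['psnr_db']:.1f} dB")
```

Two properties of the loop are worth checking on every run, and the demo reports both: the per-pixel change never exceeds the budget (so PSNR stays above 30 dB, which is what keeps the edit invisible), and each round can only increase the drift, because the objective is convex and the projection keeps every step inside the box.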
3. Data de-referencing to prevent sensitive information from leaking into cloud-based LLMs.
- Assigns a utility score and a sensitivity score to each phrase of text. The utility score measures how much the cloud LLM needs the specific value in order to answer accurately. The sensitivity score measures how important it is to keep the phrase private, and includes a multiplier for contextual inference (what the surrounding text would let a model infer). We use NVIDIA's Nemotron, hosted on a DGX Spark and served with vLLM for fast inference, to handle and de-reference all private data, aiming to keep it cryptographically secure. These local agents then collaborate with the Claude SDK, which performs the cloud-based heavy reasoning. Combining local and cloud agents enables secure, high-reasoning workflows and pushes the boundaries of what is possible with either agent alone!
4. Adversarial multi-agent system to safely stress-test your documents.
- An attacker model tests how much the cloud LLM can infer about the person from the de-referenced prompt; its findings push the local agent to secure personal data further. We use the OpenAI API to enable this agentic self-verification!
Workflow of de-referencing personal information using local agents with access to remote cloud models for computationally-intensive tasks.
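Added example (not Cena's own code) covering the de-referencing step in section 3 and the self-verification step in section 4. In the project the scoring and rewriting are done by a local Nemotron agent and the attacker is an OpenAI model; here, so that the control flow runs offline, the scores are a constructed table, the identifier detectors are regexes plus a list of the user's own names, the cloud model is a constructed local function that answers in terms of the placeholders it was given, and the "attacker" check is a direct search for raw values in the outbound text. The contextual-inference multiplier raises every phrase's sensitivity when several kinds of identifier appear together, which is why a date is kept in a lone question but replaced when it sits next to a name, email and SSN. All weights and sample text are constructed.

```python
# Added example, not Cena's own code: de-reference -> cloud -> re-reference -> leak check.
# Scores, regexes and the sample prompt are constructed; the project uses a local
# Nemotron agent for scoring and an OpenAI attacker model for verification.
import re
from dataclasses import dataclass, field

SENSITIVITY = {"SSN": 1.0, "EMAIL": 0.9, "PHONE": 0.8, "PERSON": 0.7, "DATE": 0.3}
UTILITY = {"SSN": 0.0, "EMAIL": 0.1, "PHONE": 0.1, "PERSON": 0.2, "DATE": 0.5}
PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"\b\d{3}-\d{3}-\d{4}\b"),
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "DATE": re.compile(r"\b\d{4}-\d{2}-\d{2}\b"),
}


@dataclass
class Span:
    start: int
    end: int
    category: str
    text: str


def find_spans(text, known_names):
    """Locate identifier phrases; of overlapping matches, keep the earliest/longest."""
    spans = [Span(m.start(), m.end(), cat, m.group())
             for cat, pat in PATTERNS.items() for m in pat.finditer(text)]
    for name in known_names:
        spans += [Span(m.start(), m.end(), "PERSON", m.group())
                  for m in re.finditer(r"\b" + re.escape(name) + r"\b", text)]
    spans.sort(key=lambda s: (s.start, -s.end))
    kept, last_end = [], -1
    for s in spans:
        if s.start >= last_end:
            kept.append(s)
            last_end = s.end
    return kept


def context_multiplier(spans):
    """Contextual-inference multiplier: the more distinct identifier kinds appear
    together, the easier re-identification from the rest, so sensitivity rises."""
    return 1.0 + 0.25 * max(len({s.category for s in spans}) - 1, 0)


@dataclass
class DereferenceSession:
    known_names: list
    mapping: dict = field(default_factory=dict)    # placeholder -> raw value; stays on the device
    decisions: list = field(default_factory=list)  # (text, category, sensitivity, utility, redacted)

    def outbound(self, prompt):
        """Replace phrases whose scaled sensitivity outweighs their utility."""
        spans = find_spans(prompt, self.known_names)
        mult = context_multiplier(spans)
        reverse = {raw: ph for ph, raw in self.mapping.items()}
        pieces, cursor = [], 0
        for s in spans:
            sens, util = SENSITIVITY[s.category] * mult, UTILITY[s.category]
            redact = sens > util
            self.decisions.append((s.text, s.category, round(sens, 3), util, redact))
            if not redact:
                continue
            if s.text not in reverse:
                n = sum(ph.startswith(f"[{s.category}_") for ph in self.mapping) + 1
                reverse[s.text] = f"[{s.category}_{n}]"
                self.mapping[reverse[s.text]] = s.text
            pieces += [prompt[cursor:s.start], reverse[s.text]]
            cursor = s.end
        pieces.append(prompt[cursor:])
        return "".join(pieces)

    def inbound(self, response):
        """Re-reference: put the raw values back into the cloud model's answer."""
        for ph in sorted(self.mapping, key=len, reverse=True):
            response = response.replace(ph, self.mapping[ph])
        return response

    def leaks(self, text):
        """Self-verification before anything leaves: raw values still present in text."""
        return [raw for raw in self.mapping.values() if raw in text]


def constructed_cloud_reply(redacted_prompt):
    """Stand-in for the Claude/OpenAI call: a well-behaved model answers in terms of
    the placeholders it was given, which is what makes re-referencing possible."""
    tags = re.findall(r"\[[A-Z]+_\d+\]", redacted_prompt)
    person = next((t for t in tags if t.startswith("[PERSON_")), "there")
    date = next((t for t in tags if t.startswith("[DATE_")), "the agreed date")
    return f"Hello {person}, your appointment on {date} is confirmed."


# Constructed sample prompt; the name list is the user's own profile.
PROMPT = ("Draft a reply to Jane Doe (jane.doe@example.com, 555-123-4567) confirming her "
          "appointment on 2025-03-14 and reminding her to bring a form showing SSN 123-45-6789.")


def run_demo(prompt=PROMPT, known_names=("Jane Doe",)):
    session = DereferenceSession(known_names=list(known_names))
    redacted = session.outbound(prompt)
    assert not session.leaks(redacted), "raw identifier would leave the device"
    answer = session.inbound(constructed_cloud_reply(redacted))
    return session, redacted, answer


if __name__ == "__main__":
    session, redacted, answer = run_demo()
    print(redacted)
    print(answer)
    for decision in session.decisions:
        print(decision)
```

The placeholder-to-value mapping is the only state that must never be sent; everything the cloud sees is reconstructible from placeholders alone, and the `leaks` check is the place to hook a stronger attacker (such as the project's OpenAI-based one) before the outbound text is released.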
5. Web agent to identify deepfakes and AI-generated content online.
- An agent built with the Claude Agent SDK searches online images through Bright Data and flags images as AI-generated using 3 independent signals: visual artifacts (Claude Vision), metadata inspection for AI-tool signatures, and FFT frequency analysis to detect the spectral patterns that diffusion models leave behind.
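Added example (not Cena's own code) of the third signal above, the FFT check, run on constructed images. A photo-like image is synthesised with a smooth 1/f^1.5 amplitude spectrum and random phases; the "generated" image is the same picture plus a faint period-4 grid, which stands in for the periodic upsampling artifact many generators leave. The score is the height of the sharpest spike in the azimuthally averaged spectrum relative to its neighbours, so a smooth fall-off scores about 1 and a periodic artifact scores well above it; the 2.5 threshold is an illustrative assumption, not the project's calibrated value.

```python
# Added example, not Cena's own code: the FFT spectral-peak signal on constructed images.
import numpy as np

rng = np.random.default_rng(1)


def _freq_grid(n):
    """Radial frequency (in cycles per image width) for each bin of an n x n FFT."""
    k = np.arange(n)
    k = np.where(k > n // 2, k - n, k)      # wrap negative frequencies
    ky, kx = np.meshgrid(k, k, indexing="ij")
    return np.hypot(kx, ky)


def radial_profile(image):
    """Azimuthally averaged |FFT| per integer radius."""
    n = image.shape[0]
    mag = np.abs(np.fft.fft2(image - image.mean()))
    r = np.rint(_freq_grid(n)).astype(int).ravel()
    return np.bincount(r, weights=mag.ravel()) / np.maximum(np.bincount(r), 1)


def spectral_peak_score(image, low=6, width=3):
    """Largest ratio of the profile at radius r to the median of its neighbours
    (r-width..r+width, excluding r). Returns (score, radius of the peak)."""
    prof = radial_profile(image)
    high = image.shape[0] // 2 - width - 1
    best, best_r = 0.0, None
    for r in range(low, high + 1):
        neigh = np.concatenate([prof[r - width:r], prof[r + 1:r + width + 1]])
        ratio = float(prof[r] / np.median(neigh))
        if ratio > best:
            best, best_r = ratio, r
    return best, best_r


def is_spectrally_suspicious(image, threshold=2.5):
    """One of several signals; a real detector combines it with the others."""
    score, _ = spectral_peak_score(image)
    return score > threshold


def constructed_natural_image(n=64, amplitude=300.0, slope=1.5):
    """Synthetic photo-like image: 1/f^slope amplitude spectrum, random phases."""
    r = _freq_grid(n)
    r[0, 0] = np.inf                        # drop the DC term
    spec = amplitude / r ** slope * np.exp(1j * rng.uniform(0, 2 * np.pi, (n, n)))
    return np.real(np.fft.ifft2(spec)) + 0.5


def add_upsampling_artifact(image, period=4, strength=0.1):
    """Constructed stand-in for a generator's periodic artifact: a faint grid."""
    n = image.shape[0]
    y, x = np.mgrid[0:n, 0:n]
    return image + strength * (np.cos(2 * np.pi * x / period) + np.cos(2 * np.pi * y / period))


NATURAL = constructed_natural_image()
GENERATED = add_upsampling_artifact(NATURAL)

if __name__ == "__main__":
    for name, img in (("natural", NATURAL), ("generated", GENERATED)):
        score, radius = spectral_peak_score(img)
        print(f"{name}: peak score {score:.2f} at radius {radius}, "
              f"suspicious={is_spectrally_suspicious(img)}")
```

A period-4 grid on a 64-pixel-wide image lands exactly at radius 16 in the profile, which is where the demo's peak appears; on real photos the score should be interpreted together with the metadata and visual-artifact signals, since genuine images with fine regular texture (fabric, screens) can also produce spectral peaks.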
How We Built It
- Native macOS front-end (SwiftUI)
- Menu-bar app with translucent overlay HUD, agent chat window, and settings pane
- Real-time communication with the backend over WebSocket
- FastAPI + Uvicorn – main API server with WebSocket endpoints for the agent chat
- Flask – GPU-accelerated image encryption/glazing server
- Jinja2 templates + SSE for a deepfake-detection web UI
Local AI model – NVIDIA Nemotron
- nvidia/NVIDIA-Nemotron-Nano-9B-v2 served locally via vLLM
- Handles PII redaction orchestration and privacy-preserving query rewriting so sensitive data never leaves the device
Cloud AI Models
- Anthropic Claude (Sonnet, Haiku) via the Claude Agent SDK – used for the cloud relay chat agent and vision-based deepfake artifact analysis
- OpenAI GPT (gpt-4o, gpt-4-turbo) – alternative cloud LLM option
- Bright Data SERP API + Scraping Browser for reverse image search (Google Lens) in deepfake detection
Image protection & computer vision (GPU)
- Stable Diffusion Inpainting (runwayml/stable-diffusion-inpainting via HuggingFace Diffusers) + a RunPod-tuned PGD (projected gradient descent) algorithm for the adversarial attack
- InsightFace (buffalo_l, ArcFace 512-D embeddings) – face detection and identity matching
- OpenCV, Pillow, NumPy – general image processing and DCT frequency-domain forensics
GPU compute & deployment
- Primary target: NVIDIA DGX Spark (ASUS Ascent GX10) via SSH + Docker
- RunPod GPU pods for tuning and testing the algorithm, and for the extra compute needed, through their Flash instances
- PyTorch with CUDA; models run in FP16
- Deployment automated via deploy.sh (Docker build & push to remote)
Challenges We Ran Into
- Facial image encryption process: making the difference between original images and encrypted images imperceptible to humans but the encrypted images unusable by AI tools.
- Separation of local and cloud agents: coordinating the local agent's de-referencing of information before it is sent to remote cloud agents for more computationally intensive analysis.
- Orchestration of agents: ensuring communication between agents with various roles.
- Latency: improving performance proved challenging, especially during multi-agent feedback loops.
Accomplishments
- Proposing a new facial encryption algorithm whose modifications to a face are undetectable by the human eye yet make your face immune to deepfakes.
- Pushing state-of-the-art techniques in image processing to achieve stronger performance in new contexts.
- Handling complex edge-cases in document dereferencing.
- Merging different areas of expertise and working styles to form a cohesive team environment.
What We Learned
- Interfacing with high-performance hardware like NVIDIA DGX Spark.
- Building a cohesive tech stack across cloud technologies like GCP and Runpod and LLM backends like the OpenAI API and Claude SDK.
- Coordinating complex, multi-agent systems that interact with real-time feedback to alter their course of action.
What's Next for Cena
- Cross-platform + mobile support.
- Increasing number of data modalities (e.g., audio to prevent non-consensual voice cloning).
- More granular control over document data, including the kinds of PII that should be prioritized over others.