💡 Inspiration

Enterprises face an impossible dilemma: They want to leverage the power of LLMs, but face massive risks regarding data compliance (GDPR/CCPA), prompt injections, and hallucinations. Traditionally, if an AI model ingests sensitive data, completely retraining it to "forget" that data takes 14–16 hours and costs thousands of dollars in GPU compute. Furthermore, standard RAG systems fail to explain why an LLM made a decision.

We realized that AI Safety isn't just about filtering bad words—it requires a holistic, multi-layered architecture. That inspired us to build Guardial: a unified platform that makes Enterprise AI safe, fully compliant, and mathematically auditable.

⚙️ What it does

Guardial is a comprehensive 5-layer Enterprise AI Safety Platform:

  1. Prompt Shield: A real-time threat detection engine that screens inputs/outputs for prompt injections, PII leaks, and jailbreak attempts.
  2. GraphRAG Engine (Dual-Pipeline): Instead of standard vector search, we use a Knowledge Graph to traverse relationships. We built a live A/B benchmarking system that compares Standard RAG vs. GraphRAG side by side (tracking latency, tokens, and reasoning paths).
  3. Hallucination Auditor (ISR): Calculates an Information Source Retrieval (ISR) score by cross-referencing LLM outputs with the Vector DB, mathematically flagging hallucinations.
  4. LLM Unlearning: Uses PEFT/LoRA to selectively "unlearn" restricted data from the model in just 30–40 minutes (instead of full retraining).
  5. Model Forge: A fully traceable fine-tuning pipeline for custom safety policies.

🛠️ How we built it

We architected Guardial for enterprise scale using a highly modular tech stack:

  • Backend: Python and Flask (deployed on Render via Gunicorn).
  • Graph Knowledge Base: We integrated TigerGraph for live RESTPP multi-edge graph traversal (get_full_provenance, get_policy_chain). We also built an intelligent LocalGraphStore (NetworkX) fallback mechanism to ensure zero downtime.
  • Vector Database: ChromaDB for hybrid semantic search (combining vector similarity with graph entity overlap).
  • AI & Orchestration: Google's Gemini 2.5 Flash for high-speed inference and LLM-as-a-judge accuracy evaluation.
  • Machine Learning: Scikit-learn and SpaCy for localized lightweight threat detection, combined with LoRA/Transformers (in the unlearning engine).

🚧 Challenges we ran into

Building a dual-pipeline architecture was incredibly complex.

  1. Graph Traversal Complexity: Writing GSQL to handle multi-hop governance queries required deep optimization. We had to build an Adaptive Depth routing logic to decide when to use GraphRAG vs. Vector RAG.
  2. Deployment Constraints: Our initial ML models (PyTorch/Transformers) exceeded serverless RAM limits. We engineered a lazy-loading dynamic import system that abstracts heavy ML libraries so the core web app remains lightning fast and deployable on platforms like Render.
  3. Observability: Getting an LLM to "show its work" is hard. We overcame this by building a custom _build_reasoning_path tracker that visually renders the exact nodes and edges the GraphRAG pipeline traversed.

🏆 Accomplishments that we're proud of

  • Successfully integrating TigerGraph with a seamless local fallback.
  • Building an automated LLM-as-a-Judge Accuracy Eval that empirically proves our GraphRAG pipeline outperforms baseline RAG by reducing hallucinations.
  • Our Benchmark Dashboard—watching the 8-metric telemetry board visualize latency, token limits, and reasoning paths in real time is incredibly satisfying.

📚 What we learned

Standard Vector RAG is blind to relationships. We learned that to enforce enterprise policies, you must use a Knowledge Graph. Semantic search can find a document, but only a graph can prove the provenance (Who authored it? What policy governs it? What triggered it?).
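
The provenance check described above, as an added example that is not Guardial's own code: a bounded, cycle-safe walk over typed edges, plus a fail-closed gate that rejects a retrieved document with no author or governing policy. The edge types, node ids and function names are assumptions made for illustration, and the graph is a plain in-memory index rather than TigerGraph or NetworkX.

```python
from collections import deque

# Constructed sample graph: (source, edge_type, target). The schema is assumed.
EDGES = [
    ("doc:payroll-q3", "AUTHORED_BY", "user:alice"),
    ("doc:payroll-q3", "GOVERNED_BY", "policy:pii-handling"),
    ("doc:payroll-q3", "TRIGGERED_BY", "event:quarter-close"),
    ("policy:pii-handling", "DERIVED_FROM", "policy:gdpr-art-17"),
    ("policy:gdpr-art-17", "DERIVED_FROM", "policy:pii-handling"),  # deliberate cycle
    ("doc:lunch-menu", "AUTHORED_BY", "user:bob"),  # no governing policy
]

def build_index(edges):
    """Adjacency list keyed by source node: node -> [(edge_type, target), ...]."""
    index = {}
    for src, etype, dst in edges:
        index.setdefault(src, []).append((etype, dst))
    return index

def provenance(index, doc_id, max_depth=3):
    """Breadth-first walk over typed edges; returns (depth, src, edge_type, dst) hops."""
    hops, seen, queue = [], {doc_id}, deque([(doc_id, 0)])
    while queue:
        node, depth = queue.popleft()
        if depth == max_depth:  # depth bound keeps multi-hop queries cheap
            continue
        for etype, dst in index.get(node, []):
            hops.append((depth + 1, node, etype, dst))
            if dst not in seen:  # cycle guard: record the edge, do not re-expand
                seen.add(dst)
                queue.append((dst, depth + 1))
    return hops

REQUIRED = ("AUTHORED_BY", "GOVERNED_BY")  # assumed minimum for an auditable source

def admit(index, doc_id):
    """Fail closed: a retrieved document is usable only if its direct provenance is complete."""
    direct = {etype for _, _, etype, _ in provenance(index, doc_id, max_depth=1)}
    missing = [e for e in REQUIRED if e not in direct]
    return (not missing, missing)

INDEX = build_index(EDGES)

if __name__ == "__main__":
    for hop in provenance(INDEX, "doc:payroll-q3"):
        print(hop)
    for doc in ("doc:payroll-q3", "doc:lunch-menu", "doc:unknown"):
        print(doc, admit(INDEX, doc))
```

A document that semantic search would happily return (here `doc:lunch-menu`) is rejected because no policy edge exists for it, which is the property vector similarity alone cannot establish.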

🚀 What's next for Guardial

  • Multi-Agent Orchestration: Delegating threat analysis to specific sub-agents.
  • Streaming Unlearning: Implementing real-time continuous unlearning without taking the model offline.
  • Expanded GSQL Schemas: Adding complex RBAC (Role-Based Access Control) edges to the graph.
