Kernel Guarded AI Architecture

Stop feeding your secrets to the cloud. We built a Kernel-Guarded, offline AI that enforces security at the database engine level that allows you to query sensitive data without ever leaking it.

Comment

Inspiration

In the age of AI, data is the new oil—but we are spilling it. Every time a company asks ChatGPT to "analyze sales data," sensitive information is sent to external servers, creating massive privacy risks. We asked a fundamental question: How can we leverage the intelligence of an LLM without ever trusting it with our database secrets?

We wanted to move beyond "Prompt Engineering" for security (which is easily jailbroken) and implement Kernel-Level Security, where the database engine itself physically rejects unauthorized access, regardless of what the AI tries to do.

What it does

Kernel-Guarded AI is a sovereign, offline intelligence platform that allows users to query sensitive databases using natural language, with zero risk of data exfiltration.

  • Zero-Trust SQL Generation:
    The user asks a question (e.g., "Show me VIP patients"). The system generates SQL using a local LLM running entirely offline.

  • Kernel-Level Enforcement (RLS & CLS):
    The query is executed against a PostgreSQL database protected by Row-Level Security (RLS).

Example:
If Dr. House logs in, the database kernel hides rows belonging to Dr. Strange. Even if the AI tries to SELECT *, the database returns only what House is allowed to see.

  • Intelligent Visualization:
    The system creates a "Digital Twin" of the data. It analyzes the query context and automatically classifies the best visualization method—switching dynamically between 3D Cityscapes, Pie Charts (for distributions), or Bar Graphs.

  • Hybrid RAG:
    For non-SQL questions (e.g., "What are ICU visiting hours?"), a Semantic Router switches to a RAG engine that queries local policy documents instead of the database.

How we built it

The architecture follows a strict "Air-Gapped" philosophy:

  • The Brain (Local LLM):
    We used Ollama and LM Studio to run open-source models (like Llama 3 / Mistral) locally. No OpenAI API keys; no internet required.

  • The Vault (Database):
    PostgreSQL running in Docker. We wrote complex SQL policies for RLS (CREATE POLICY) to strictly define which user role can see which rows.

  • The Bridge (Backend):
    Built with Python (FastAPI). We implemented a Neural Router that classifies user intent (Data vs. Knowledge) and securely connects to the database using SQLAlchemy.

  • The Face (Frontend):
    Built with React and TailwindCSS.

  • The Hologram (Visualization):
    Built using React Three Fiber (Three.js) to render a 3D interactive data city. A logic layer analyzes data shape to determine whether a Pie, Line, or Bar chart is mathematically appropriate.

Challenges we ran into

  • The Boolean Trap:
    The LLM generated WHERE is_vip = 1 instead of WHERE is_vip = TRUE, causing strict PostgreSQL errors. We solved this by making the system prompt type-aware.

  • CORS & Docker Networking:
    Connecting a localhost frontend to a containerized secure database while enforcing strict RLS policies was a networking nightmare.

  • The "Empty View" Problem:
    When RLS worked too well, the AI panicked after receiving zero rows. We trained it to gracefully handle "Access Denied" states.

Accomplishments that we're proud of

  • True Offline Capability:
    Pulling the ethernet cable does not stop the system. It is fully sovereign.

  • Mathematically Secure:
    We proved that security is enforced by the database kernel
    (Security \in Database), not the AI prompt
    (Security \notin Prompt).

  • 3D Spatial Interface:
    A "SimCity"-style data view makes anomalies (like a \$900k bill) instantly visible.

  • Smart Charting:
    The system dynamically decides how to visualize data—Pie for distributions, Line for trends, Bar for comparisons.

What we learned

"Trust" is an architectural decision, not a feature. By separating the Reasoning Engine (LLM) from the Storage Engine (SQL) and placing security between them, we can build AI systems compliant with GDPR and HIPAA without sacrificing conversational intelligence.

What's next for Kernel-Guarded AI

  • Honeypot Mode:
    Unauthorized queries are redirected to a fake dataset, trapping attackers.

  • Sentinel Audit Logs:
    A UI to visualize how RLS policies filter data in real time.

  • Voice Interface:
    Hands-free querying for doctors during surgery.

Built With

Share this project:

Updates