MBC Minions - The Great Wall

A layer of security to prevent users from accidentally leaking PIIs on communication platforms.

Comment

Inspiration

As AI becomes increasingly integrated into our daily lives, so do the risks of unintentionally exposing personal information. From emails to instant messaging, users often share sensitive details without realizing the potential consequences. We wanted to explore how AI can actively defend user privacy and security by preventing accidental leaks of Personally Identifiable Information (PII).

What it does

Our solution is a privacy-first messaging platform that automatically checks messages (text and images) for sensitive data before they are sent.

If PIIs are detected (e.g., email, phone, NRIC, credit card, address), it is replaced with encrypted placeholders such as [ENCRYPTED_xxx].

Users can later choose to decrypt individual placeholders if they really want to share them.

For images, the system applies censoring/blur to block out sensitive information. This gives users control and awareness, while reducing the risk of accidental data leakage.

Project is capable of AWS deployment, but for efficiency and cost sake, local deployment will be used for the demo

How we built it

Frontend: Built with the Lynx platform , providing a simple chat UI, user registration, and chat list pages.

Backend: Built with FastAPI , exposing REST APIs for registration, chat management, and messages. Originally we prototyped with WebSockets, but later shifted to real-time polling for better compatibility with Lynx during the POC phase.

AI Layer:

  1. Google Generative AI for text classification and PII detection
  2. HuggingFace Hub / Datasets NER models for PII classification
  3. Roboflow For Computer Vision Datasets

Storage: In-memory dictionaries store users, chats, and messages (sufficient for demo purposes).

Docker for containerization. Terraform to provision cloud resources on AWS (EKS).

Libraries/Tools:

Frontend

  1. lynx, js/react — Lynx framework (TikTok-style UI)
  2. tailwindcss — styling
  3. rspeedy (Rsbuild/Rspack) — build tool
  4. axios — API calls

Backend

  1. Framework — fastapi, uvicorn 2.Validation & Security — pydantic, email-validator, python-multipart, tenseal, sentry-sdk
  2. NLP & AI — torch, datasets, huggingface-hub, google-generativeai, google-ai-generativelanguage
  3. Networking — httpx, aiohttp
  4. Data Handling — numpy, pandas, pyarrow

Challenges we ran into

  1. WebSocket integration: WebSockets worked very well in a plain HTML frontend, but were difficult to integrate with Lynx. This led us to pivot to real-time polling for the demo.
  2. Balancing usability vs. privacy: Replacing text too aggressively made conversations unreadable, while being too lenient risked leaks. We had to tune thresholds carefully.
  3. General Integration with Lynx: Although we had the proper functions to do more such as allowing users to uncensor individual PIIs instead of the entire message, we found it difficult to integrate with Lynx as all of us were unfamiliar with the platform which led to a lot of time spent on learning how to navigate it.

Accomplishments that we're proud of

  1. Successfully built a working messaging platform with user registration, chat creation, and real-time(ish) message delivery.
  2. Implemented dynamic PII redaction and decryption of placeholders, letting users reveal data on demand.
  3. Integrated both text and image privacy filters, showing the system’s versatility.
  4. Managed to adapt our architecture (switching from WebSockets to polling) without losing core functionality, proving our adaptability under hackathon time pressure.

What we learned

  1. How to integrate AI services into a live messaging workflow.
  2. The importance of clear API contracts between frontend and backend (e.g., JSON parsing bugs taught us to add better error handling and logging).
  3. How to use Lynx! (somewhat 0.0)

What's next for MBC Minions - The Great Wall

  1. Migrate back to WebSockets or SSE for efficient real-time communication at scale.
  2. Persistent storage (e.g., PostgreSQL) instead of in-memory data, enabling long-term conversations.
  3. Smarter AI models that understand context better, reducing false positives while catching edge cases.
  4. Granular privacy controls (users can choose what types of PII to filter).
  5. End-to-end encryption so even the system operators can’t see unencrypted PII.
  6. Expand to support group chats, file sharing, and enterprise integrations, making it a more complete secure messaging solution.
  7. Quick regex/heuristic pass on the client side thus only sending to model if the prefilter flags something allowing us to cut traffic and latency.

Built With

Share this project:

Updates