RedString

We built RedString, a cyber-physical correlation engine for hospital security teams. It helps operators spot potentially coordinated activity earlier by connecting signals that usually live in separate systems, such as cyber alerts, badge access events, and physical security reports. We were inspired by a simple real-world problem: a suspicious cyber login, an unusual after-hours badge swipe, and a report of an unknown person on campus may all be related, but today they often appear in different tools and reach different teams at different times. That makes fast, confident decision-making difficult. RedString is designed for one specific user: a Hospital Security Duty Manager. The product helps answer one urgent question: Is this just a cyber anomaly, or is it becoming a real-world campus security incident that needs escalation?

How it works

Our demo begins with a successful VPN login on a contractor account from a new device. RedString then checks for nearby related signals, including badge access activity and a suspicious-person report.

In the sample case:

  • a contractor account logs in remotely after hours
  • the same contractor’s badge is used at a service entrance shortly after
  • an officer reports a person in vendor clothing moving near a sensitive hospital area without an escort

Each signal alone could be harmless. Together, they may indicate coordinated activity. RedString correlates them into a single case card that explains what happened, why the events may be connected, how confident the system is, and what the operator should do next.

Instead of forcing the operator to manually compare logs across multiple systems, the product turns fragmented evidence into one clear decision flow: Observe → Verify Now → Escalate Now

How we built it

We built RedString as a deterministic case engine with explicit correlation logic across identity, time window, access activity, and physical location. We intentionally avoided making the system feel like a black-box AI tool. AI is used in a focused way: to turn grounded evidence into a concise, readable explanation for the operator. The correlation logic itself stays transparent and explainable.

For the prototype, we used simulated hospital data feeds for:

  • cyber telemetry
  • contractor identity data
  • badge access events
  • door and zone mappings
  • suspicious-person reports
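
The correlation described above, as an added example (not RedString's own code): it joins the three feeds on identity, time window and door-to-zone location, then maps the number of corroborating domains to the Observe / Verify Now / Escalate Now flow. The 60-minute window, the zone adjacency, the identifiers and that mapping are assumptions, and all events are constructed.

```python
from datetime import datetime, timedelta

# All values below are constructed sample data and assumed thresholds.
WINDOW = timedelta(minutes=60)                       # assumed correlation window
DOOR_ZONE = {"SVC-ENT-2": "service-corridor"}        # door -> zone mapping
ADJACENT = {"service-corridor": {"pharmacy-store"}}  # zones reachable from a zone
ACTIONS = {1: "Observe", 2: "Verify Now", 3: "Escalate Now"}

def t(hhmm):
    """Build a timestamp on the constructed demo night."""
    h, m = map(int, hhmm.split(":"))
    return datetime(2024, 1, 10, h, m)

VPN = {"account": "ctr-1042", "new_device": True, "time": t("22:05")}
BADGES = [
    {"holder": "ctr-1042", "door": "SVC-ENT-2", "time": t("22:25")},
    {"holder": "emp-0007", "door": "SVC-ENT-2", "time": t("22:30")},  # unrelated
]
REPORTS = [{"zone": "pharmacy-store", "escorted": False, "time": t("22:40")}]

def in_window(start, event_time):
    """True when event_time falls at or after start, within WINDOW."""
    return timedelta(0) <= event_time - start <= WINDOW

def correlate(vpn, badges, reports):
    """Join the three feeds on identity, time window and location."""
    evidence = []
    if vpn["new_device"]:
        evidence.append(f"cyber: VPN login for {vpn['account']} from a new device")
    # Identity + time: the same contractor's badge used shortly after the login.
    hits = [b for b in badges
            if b["holder"] == vpn["account"] and in_window(vpn["time"], b["time"])]
    zones = set()
    for b in hits:
        zone = DOOR_ZONE.get(b["door"], "unmapped")
        zones |= {zone} | ADJACENT.get(zone, set())
        evidence.append(f"badge: {b['door']} ({zone}) at {b['time']:%H:%M}")
    # Location + time: unescorted-person report in or next to a badged zone.
    for r in reports:
        near_badge = any(in_window(b["time"], r["time"]) for b in hits)
        if near_badge and r["zone"] in zones and not r["escorted"]:
            evidence.append(f"physical: unescorted person in {r['zone']}")
    domains = {e.split(":")[0] for e in evidence}
    return {"evidence": evidence, "domains": len(domains),
            "action": ACTIONS.get(len(domains), "No case")}

if __name__ == "__main__":
    print(correlate(VPN, BADGES, REPORTS))
```

A report with no matching badge event does not raise the case level on its own, because location is only tied to the contractor through the badge swipe.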

Value proposition

RedString helps security teams move from scattered signals to one explainable case. Its value is faster cross-domain awareness, clearer escalation decisions, and less manual effort stitching together evidence during a live situation.

What we learned

The biggest thing we learned is that in security workflows, trust matters more than novelty. Operators do not need a generic AI chatbot. They need a system that is narrow, explainable, and useful at the moment of decision. We also learned that the strongest hackathon products come from staying focused. One operator, one workflow, one difficult decision, and one clear demo made the product much stronger.
