[ BG ]BlackGrid Labs

Line 03 / Research

Research that ships.

Each track is a hypothesis, a reproducible method, and a held-out evaluation. We publish methods and numbers when they are ready, not when they are scheduled.

Talk to the lab Service areas
Active research
Tracks open5In pilot1Paused1Output targetSuite · OrangePeel · IronGrid
Last review · 2026-05-09

Five tracks. One operating principle.

All research · 2026-Q2
Track 01

D.A.E. for email authenticity

Hypothesis

Inbound mail can be scored from observable, reproducible signals without a probabilistic classifier deciding the verdict — an extension of the deterministic-algorithmic engine that powers OrangePeel.

Method

Weighted signal decomposition (header canonicalization, identity drift, link-target verification, body cadence) into a single reproducible score. Same inputs always produce the same score; every decision is auditable.

Current state

Held-out validation at 91.4% accuracy, FPR 0.7% on a 50k-message set. Triaging the false-positive class.

Scoring sample · msg_4a91D.A.E. v0.12
spf_dkim_pass+0.18Pass
domain_age (642d)+0.10OK
header_canon+0.15Match
display_vs_from+0.00Drift
link_target_match+0.15OK
body_cadence+0.08OK
attachment_posture+0.12OK
Score 0.78 · threshold 0.65Authentic
Track 02

Liveness via gaze-tracked rotation

Hypothesis

A user’s gaze following a moving fixation target produces a reproducible signature distinguishable from a photo, video replay, or generated face.

Method

Capture eye-target delta over a short rotational pattern. Threshold against an RMS error budget. Designed to slot into MyMeridi’s MFA as a low-friction step-up, not a primary auth.

Current state

99.2% reject rate on synthetic-face dataset v2. False-rejection of real users at 1.4%. Pilot approved for MyMeridi MFA in week 21.

Gaze sync · run_042RMS 0.51°
Target — · Observed —Liveness: PASS
Track 03

Operator anomaly detection

Hypothesis

Insider misuse can be flagged with deterministic rules grounded in observed operator behavior — without a behavioral model that becomes a second source of opacity.

Method

A rule lexicon built per tenant: admin tokens used off-hours, bulk exports above a threshold, new device + privileged op within minutes. Each rule explainable on its own.

Current state

Cold start. 12 deterministic rules in the lexicon; targeting 30 by end of phase 1. First batch of consenting-tenant data ingested 2026-04-22.

Rules fired · run_042tenant 11402_anon
admin_token_after_hours0.92Fired
bulk_export_gt_10kQuiet
new_device_within_1h0.71Fired
cross_tenant_query0.00Clear
privileged_op_new_ip0.88Fired
Flagged: 3 rulesAction: review queue
Track 04

Tenant-isolation primitives

Hypothesis

A single bug in application code should not leak data across tenants. The guarantee should hold at the database layer, not the application layer.

Method

Schema-level row policies plus an adversarial fuzz harness that generates queries designed to escape tenant scope. Every query passes through the harness before reaching production.

Current state

4.0M adversarial queries generated. Zero cross-tenant returns. Schema coverage at 100%. Extending into derived views next.

Fuzz harness · run_01424.0M queries
adversarial_join1,242,4080 leak
union_smuggling842,1660 leak
predicate_injection914,2020 leak
escaped_quote_chain680,0550 leak
admin_role_replay321,1690 leak
Schema coverage 100%0 cross-tenant returns
Track 05

Hardware-keyed cross-product signing

Hypothesis

Cross-product signing keys can move from application memory into a hardware enclave without breaking the latency budget for cross-product handoffs.

Method

Bench an enclave-backed signer against the current in-memory implementation. Target: p99 below 1ms per signing operation.

Current state

Initial bench at p99 = 3.92ms — well above the 1ms budget. Track paused pending alternative enclave hardware.

Signer bench · v4 enclave vs v3 in-memn=10k
p500.21 → 2.84ms+2.63
p900.34 → 3.41ms+3.07
p950.41 → 3.62ms+3.21
p990.68 → 3.92ms+3.24
Budget p99 ≤ 1.00msBlocked

From the bench.

Lab notes · trailing 30 days
  • 2026-05-09

    Run 014 of liveness-rotation yielded 99.2% reject rate on synthetic-face dataset v2. Pushing the threshold to the MyMeridi MFA pilot in week 21.

    Track 02
  • 2026-05-06

    D.A.E. email-auth crossed 91.4% on the held-out validation set. Triaging false positives — pattern is heavily weighted toward display-name vs from mismatches in legitimate transactional mail.

    Track 01
  • 2026-05-02

    Spam primitives merged with the email-auth pipeline. Same scoring engine, different threshold. Reduces operational footprint without splitting the model.

    Track 01
  • 2026-04-28

    Tenant-isolation fuzz harness completed 4.0M queries across five attack categories. Zero cross-tenant returns. Schema coverage now at 100%.

    Track 04
  • 2026-04-22

    Operator anomaly: opened the dataset for the first batch of consenting tenants. Rule lexicon at 12 deterministic rules; targeting 30 by end of phase 1.

    Track 03
  • 2026-04-15

    Enclave-keyed signer v4 benched at p99 = 3.92ms, well above the 1ms budget. Track paused pending alternative enclave hardware.

    Track 05

Selected work, when ready.

Output cadence · two per quarter
  • 01

    Toward reproducible email authenticity scoring

    Track 01 · Notes from a deterministic baseline

    Internal draft · Q3
  • 02

    Liveness from gaze: a deterministic step-up for MFA

    Track 02 · Threshold model + pilot results

    Internal draft · Q3
  • 03

    Schema-level tenant isolation in PostgreSQL: a fuzz-tested approach

    Track 04 · Public proposal targeting late Q4

    Public · Q4
  • 04

    Operator anomalies without behavioral models

    Track 03 · Pre-research notes · deterministic rule lexicon

    Pre-research · 2027 Q1
  • 05

    Notes on the D.A.E. as a research substrate

    Cross-cut essay · design principles, not results

    Internal essay · Q2
Public output is dated when it’s ready, not when it’s scheduled.Brief on the lab →

Talk to the lab

Have a research
question for us?

If your operating problem looks like one of the tracks above, we want to hear about it. The lab works most productively with operators who can describe their friction in technical terms.

Brief the lab Open dashboard