Services

Primitives, productized only when ready.

Six engagement areas, each tied to a live BlackGrid research track. We deploy what’s in pilot, audit what’s in production, and brief operators on what’s next.

What we offer.

Engagement areas

/ 01

IronGrid threat intelligence

Production · deployed

A Node.js threat-intelligence platform that scans a Gmail inbox every 15 minutes, scores each message against a deterministic 17-signal fraud detector, and triggers an autonomous OSINT pipeline on anything 50+. Outputs are Palantir-style Subject Intelligence Cards answering: who is actually behind this email?

17 signals8 OSINT modules15min scan cycle

/ 02

Email authenticity scoring (D.A.E.)

Track 01 · held-out

Weighted signal decomposition for inbound mail — header canonicalization, identity drift, link-target verification, body cadence — into a single reproducible score. An extension of the deterministic-algorithmic engine that powers OrangePeel. Same inputs always produce the same score.

91.4% accuracy0.7% FPR50k-message set

/ 03

Liveness step-up auth

Track 02 · in pilot

A user’s gaze following a moving fixation target produces a reproducible signature distinguishable from a photo, video replay, or generated face. Designed as a low-friction MFA step-up. Drops into MyMeridi today; available as a standalone primitive for partner deployments.

99.2% reject (synthetic)1.4% false-reject

/ 04

Tenant isolation audit

Track 04 · service

A single bug in application code should not leak data across tenants. We bring schema-level row policies plus an adversarial fuzz harness that generates queries designed to escape tenant scope — runs against your own schema, reports any leak path, and ships a hardened policy set. Every query is auditable.

4.0M queries0 leaks100% schema coverage

/ 05

Operator anomaly detection

Track 03 · cold start

Insider misuse can be flagged by deterministic rules grounded in observed operator behavior — without a behavioral model that becomes a second source of opacity. A rule lexicon built per tenant: admin tokens off-hours, bulk exports above a threshold, new device + privileged op within minutes. Each rule explainable on its own.

12 rules live30 targetPhase 1

/ 06

Hardware-keyed signing (roadmap)

Track 05 · paused

Cross-product signing keys moved from application memory into a hardware enclave without breaking the latency budget for cross-product handoffs. Initial enclave hardware bench failed the 1ms p99 budget; track paused pending alternative silicon. Available as an engagement when the bench reopens.

Budget p99 ≤ 1msStatus blocked

How engagements work.

Model

The lab works most productively with operators who can describe their friction in technical terms. Engagements typically follow one of three shapes:

Directed research — a specific question, a specific dataset, a fixed-window investigation. Output is a written brief plus a working primitive when applicable.
Pilot integration — an in-pilot primitive (currently Track 02 liveness) deployed into a partner environment with reproducibility guarantees and a teardown report.
Audit — a fixed-scope security audit using BlackGrid’s fuzz harness or anomaly rule set, run against your environment, with a leak-path report and remediation set.

We do not offer broad SaaS subscriptions. The lab takes a small number of engagements per quarter to keep output quality where we want it.

Brief the lab

Found a service
that fits?

Tell us about your operating problem. If your friction maps to one of our open tracks, we will reply within 48 hours with a scope, a timeline, and a fee range.

Brief the lab →Open dashboard →