Black Box runs real collection tools against live public-record and OSINT sources, divides each case across a coordinated team of specialist agents, and clears every report through an integrity gate before you read a word. For enterprise and government teams it deploys into your own air-gapped network on dedicated private AI servers — integrating your enterprise tools and APIs, and running full computer, mobile-device and CCTV forensics. A chatbot answers from memory. Black Box goes and gets the evidence — on infrastructure you control.
Six stages, each a distinct step in the engine — not one model improvising an answer. A lead decomposes the question, specialist agents execute it with real tools, and the findings are verified and fact-checked before they reach you.
A lead investigator decomposes your request into distinct, non-overlapping tasks. No single model trying to hold the whole case in its head — the work is divided before any collection begins.
planInvestigation
Each task is handed to its own specialist agent, which runs a real tool loop: live web search, the built-in OSINT data sources, and — behind an approval gate — the investigation browser. Reasoning is set to HIGH on every task.
runTask
An adversarial QC verifier reviews each task's claims and marks them supported or unsupported. It can downgrade a finding the agent called confirmed. Unsupported claims do not get to ride along quietly.
verifyTask
Aliases and duplicate entities are merged into single records, each assigned a role and its relationships — so the same person under three spellings becomes one node, not three.
resolveEntities
The lead integrates the verified findings into one report, with a BLUF tagged to a single calibrated confidence term and a mandatory competing-hypotheses section. Citations are renumbered into one global sequence you can follow.
synthesizeInvestigation
An integrity auditor reads the finished report and flags hallucinated sources or dockets, uncited claims, and miscalibrated confidence. The report clears this stage before it surfaces — the fact-check is enforced in software, not left to the operator.
factCheckInvestigation
Ten built-in OSINT data sources make live calls, plus an investigation browser that drives your own authenticated Chrome session. Every tool is scoped to authorized, public-record and consented collection.
CourtListener search across US case law and RECAP — the archived PACER document set. (RECAP, not a live PACER login.)
courtlistener_search
OpenSanctions lookups for sanctions and politically-exposed-person hits. A screening aid for triage, not a definitive legal determination.
sanctions_search
OpenCorporates company records and SEC EDGAR full-text search, against live registries and filings.
opencorporates / edgar_search
RDAP (the WHOIS successor) and crt.sh certificate-transparency enumeration to map domains, registrants, and subdomains.
rdap_lookup / crt_sh
Wayback save-and-lookup so the evidence you cite is preserved at the moment you captured it.
webarchive / preserve_source
A username sweep across ~16 platforms and a reverse-image link-builder across Lens, Yandex, TinEye, and Bing. Both are labelled heuristic leads — to be human-confirmed in the browser.
username_search / reverse_image
To read login-gated OSINT and social pages, an agent can drive your own authenticated Chrome profile — but never without your explicit approval, stated reason, and the risks shown first.
The browser runs as a persistent Chrome context against your profile, so an agent reads pages exactly as you would when signed in. It is reach that link-analysis tools and consumer chatbots do not have.
browser.ts
Only browser actions require approval — public-API OSINT calls do not. Each browser step pauses for a human decision that explains why it is needed and the risk, and denies on timeout rather than proceeding.
approvals.ts
Driving a logged-in session into major social platforms prepends a terms-of-service and automation warning, so collection there is a conscious, warned choice — authorized, consented, and reviewable, not a way around anything.
HIGH_RISK_DOMAINS
Each browser navigation is written to the tamper-evident audit log, so the record of what was accessed, and when, is preserved alongside the case.
audit.ts
The single biggest blocker to AI in serious investigations is hallucination with no confidence signal. The engine answers that with structure — and frames its own heuristics as triage aids, not verdicts.
Every assessment leads with exactly one estimative-probability term — from almost certain to remote — so you read a calibrated judgment, not a vague hedge or false certainty.
estimative probability
Each report carries a mandatory competing-hypotheses section: two to four alternatives with evidence for and against and a calibrated likelihood each. Uncertainty is shown, not smoothed over.
competing hypotheses
Sources are graded A through D (official registries down to anonymous pastes) by an Admiralty-inspired heuristic. The grade is a triage prior, not a verdict — a tier-A domain can still host a forgery.
source-tiers.ts
Planted, fabricated, or coordinated-inauthentic material is flagged and held at low confidence rather than absorbed as fact.
runTask / factCheck
Due-diligence, threat-intel, litigation-support, and person-of-interest templates reorder the deliverable and add the right blocks — a risk assessment, an IOC section, an exhibit list, or an expanded subject dossier.
report.ts
Uploaded files are RAG-indexed with OCR and EXIF extraction, with a local lexical fallback when no embedding key is set, so the case can reason over what you bring it.
embeddings / ocr / exif
Close the tab and a chatbot forgets everything. Black Box keeps the case, the graph, the timeline, and the chain of evidence.
Resolved entities become nodes with typed relationship edges you can read and export — the connections, mapped, not just described.
Notebook
A master timeline and a sources panel keep the sequence of events and the provenance of every claim in one workspace.
Notebook
Persistent dossiers track each subject's status (active, flagged, cleared), aliases, identifiers, relationships, and sources — built from the case and editable as it develops.
dossiers
Deliverables and exhibits get a SHA-256 hash and numbered exhibit IDs, so a recipient can detect post-hoc alteration. Chain-of-custody-style integrity — tamper-evidence, not a court-admissibility claim.
case-export.ts
Export to JSON, Markdown, Word-openable RTF, and nodes/edges CSV for Gephi or Maltego — with optional best-effort PII redaction on the way out.
case-export.ts
Each case carries authorization and scope fields, keeping the engagement framed as authorized and consented from the first action.
cases
Sending case data and subject PII to a vendor's shared cloud is increasingly an OPSEC and compliance liability. Black Box is built to keep the case, the keys, and the audit trail on infrastructure you own — and on Enterprise, entirely inside your own air-gapped network.
All model calls run server-side through an in-house gateway. Provider API keys stay on the server; the client only ever sees has-key boolean flags, never a raw secret.
config.ts / gateway
On Windows, secrets are sealed with DPAPI so the blob only decrypts for the same user on the same machine. On other platforms a clearly-marked non-secure fallback is used — we state that plainly.
secrets.ts
You call public model names (geogentia-fast, -pro, -reasoning); the gateway maps them to a hidden upstream model and routes server-side. Which vendor answers is never exposed to the client.
gateway/models.ts
Activity is appended to a tamper-evident log where each entry hashes the previous one. Editing or removing any record breaks the chain, and the verifier reports the first broken index.
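The hash-chained log described above, as an added example that is not Black Box's own audit.ts: the entry fields (seq, ts, actor, action), the all-zero genesis value and every function name are assumptions. It goes one step beyond the text by also checking a head hash stored outside the log, because a chain on its own cannot reveal a full recompute or a truncated tail.

```javascript
const { createHash } = require("node:crypto");

const GENESIS = "0".repeat(64); // assumed prevHash for the first entry

// The digest covers the previous hash and every field, in a fixed order.
function entryHash(prevHash, seq, ts, actor, action) {
  const body = JSON.stringify([prevHash, seq, ts, actor, action]);
  return createHash("sha256").update(body).digest("hex");
}

// Append an entry linked to the current tail; returns the new head hash.
function append(log, ts, actor, action) {
  const prevHash = log.length ? log[log.length - 1].hash : GENESIS;
  const seq = log.length;
  const hash = entryHash(prevHash, seq, ts, actor, action);
  log.push({ seq, ts, actor, action, prevHash, hash });
  return hash;
}

// Returns -1 when the chain is intact, otherwise the first broken index.
// expectedHead is a head hash kept outside the log; without it, a fully
// recomputed chain or a truncated tail still verifies. A head mismatch is
// reported as log.length.
function verify(log, expectedHead) {
  let prev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    const e = log[i];
    if (e.seq !== i || e.prevHash !== prev) return i; // removed or relinked
    if (entryHash(prev, e.seq, e.ts, e.actor, e.action) !== e.hash) return i; // edited
    prev = e.hash;
  }
  return expectedHead !== undefined && prev !== expectedHead ? log.length : -1;
}

// Constructed sample entries, not real audit data.
function buildSampleLog() {
  const log = [];
  append(log, "2024-01-01T10:00:00Z", "analyst1", "case.open");
  append(log, "2024-01-01T10:05:00Z", "analyst1", "browser.navigate https://example.com/");
  const head = append(log, "2024-01-01T10:06:00Z", "analyst1", "export.json");
  return { log, head };
}

// Rewrite one entry and recompute every later hash, as someone with write
// access to the whole file could; only the external head hash exposes this.
function rewriteFrom(log, index, action) {
  const out = log.slice(0, index).map((e) => ({ ...e }));
  for (let i = index; i < log.length; i++) {
    append(out, log[i].ts, log[i].actor, i === index ? action : log[i].action);
  }
  return out;
}
```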
audit.ts
Auth.js sessions with bcrypt-hashed passwords and user/admin roles; each user sees only their own cases and searches. The first registrant becomes the owner-admin. Cloud SQL when configured, JSON-file fallback otherwise.
auth.ts / users.ts
Data-retention is a recorded policy surfaced on export (not automatic deletion), and export PII redaction is a configurable best-effort scrub (not guaranteed de-identification). We never train on your data.
config.ts
Legacy suites are powerful canvases that wait for you to feed them data. Black Box sits upstream — it runs the collection and writes the calibrated assessment, then exports cleanly into the tools you already own.
Link-analysis suites visualize relationships you have already gathered. Black Box plans the case, executes the collection, resolves the entities, and exports nodes/edges CSV straight into your graph tool.
complement or replace
Hunchly captures what you browse with its own integrity logging. Black Box adds the reasoning and collection on top of tamper-evident capture — it works the case, not just records your session.
on top of integrity
A chatbot neither runs the collection nor produces a sourced, confidence-tagged assessment. Black Box does both, inside an authorized, audited posture, on infrastructure you control.
the wedge
Same underlying models — a different machine built around them. Here is what changes when the AI has to collect the evidence and show its work.
| | Black Box | Consumer LLM (ChatGPT) |
|---|---|---|
| Where the answer comes from | Runs real collection tools against live sources — CourtListener/RECAP, OpenSanctions, EDGAR, OpenCorporates, RDAP, crt.sh, Wayback, plus a browser on your own session | Answers from frozen training memory; no live collection of fresh evidence |
| Authorized OSINT / security work | Scoped for it — runs the collection behind an authorized, consented, approval-gated posture | Frequently hedges or declines authorized security and OSINT tasks |
| Grounding & verification | Cited sources, an adversarial verify step per task, and an integrity gate that flags hallucinated dockets and uncited claims before you read it | Confident prose, no built-in verification or fact-check stage you can rely on |
| Confidence signal | ICD-203 calibrated term on every assessment, mandatory competing hypotheses, source-reliability tiers (as triage, not verdicts) | Vague hedging or unwarranted certainty, with no calibrated signal |
| Memory of the case | Persistent workspace: entity graph, timelines, editable dossiers, sources, and a chain of evidence | Stateless thread — forgets the case when you close the tab |
| Architecture | A coordinated team of specialist agents with a verifier between them and your report | One model producing a single response |
| Where your data lives | Self-hosted container, per-user isolated, hash-chained audit log, keys server-side, never trained on your data, air-gap tier available | Prompts sent to a vendor's shared cloud |
| What you can stand behind | Tamper-evident exhibits with numbered IDs and chain-of-custody-style integrity (not a court-admissibility claim) | An answer taken on faith, with no exhibit record |
“We did not build a smarter chatbot. We built the workflow a chatbot refuses to do: real collection, an adversarial verifier between every agent and your report, calibrated confidence on every line, and a tamper-evident record — running on infrastructure you, not a vendor, control.”
Black Box is the full enterprise platform — deployed into your own air-gapped or on-prem environment with dedicated private AI, full computer and mobile forensics, and large-scale evidence handling. Black Box Lite is the self-serve monthly subscription plus metered tokens: the same investigation engine, with some evidence-holding limits. Enterprise is priced per engagement — talk to us.
Black Box Lite pricing is illustrative — final pricing on signup
A single seat for the working investigator — the full engine, the case workspace, and the integrity gate. A monthly subscription plus metered tokens.
Up to 5 seats with a shared token budget, admin controls, and the hash-chained audit log across the team. Subscription plus metered tokens.
The full Black Box platform for enterprise and government teams — deployed into your environment, with no evidence-holding limits. Scoped and stood up per engagement.
Create an account and put a coordinated team of investigators — real tools, calibrated confidence, an integrity gate, and a tamper-evident chain of evidence — to work on infrastructure you control.