EAIVP: Explainable AI Visualisation Platform
Mensor XAI | Aletheia Prism | Forensic File Analysis System
Most security tools return a verdict. EAIVP returns a verdict and a reason.
Overview
EAIVP is a forensic file analysis platform that detects malware and explains its findings in plain English, suitable for SOC analysts, legal teams, and compliance functions. Built on a three-lens detection architecture called the Aletheia Prism, every file analysis produces independent signals from three analytical axes, fused into a single combined verdict with a Gemini AI-generated narrative.
Every analysis produces:
- A combined verdict: NEGLIGIBLE / LOW / MEDIUM / HIGH / CRITICAL
- A plain-English forensic narrative explaining the evidence
- A professional PDF report suitable for legal or regulatory use
- 3D WebGL terrain visualisations of the file's internal structure
- SHA-256 hash for chain-of-custody integrity
Demo Video
Watch a live WannaCry detection in 16 seconds:
[Live Platform](https://eaivp-413f5.web.app)
--
Showcase Repository
Full detection results, sample forensic reports, and architecture documentation:
The Aletheia Prism: Three-Lens Architecture
Lens A: Byte Space Entropy Analysis
Shannon entropy analysis of the raw byte stream. High entropy is consistent with encryption, compression, or packing, common characteristics of malware attempting to evade signature detection. Includes 8 YARA signature rules for family-specific detection.
Lens B: Pixel Space Structural Analysis
For image files, analyses pixel-level structure for LSB steganography patterns and pixel distribution anomalies. Calibrated to 5% false positive rate (v0.1.2).
Lens C: Signwave Spectral Analysis
Spectral flatness analysis of the file's frequency domain. A near-random byte distribution, characteristic of encrypted payloads, produces a flat spectral signature, detected independently of Lens A.
Detection Performance
Validated on a corpus of 422 malware samples across 21 families (March 2026).
| Family | Detected | Samples | Rate |
|---|---|---|---|
| AsyncRAT | 20 | 20 | 100% |
| BlackCat | 20 | 20 | 100% |
| CobaltStrike | 20 | 20 | 100% |
| Conti | 20 | 20 | 100% |
| DarkComet | 20 | 20 | 100% |
| Dridex | 20 | 20 | 100% |
| Emotet | 20 | 20 | 100% |
| GuLoader | 20 | 20 | 100% |
| IcedID | 20 | 20 | 100% |
| LockBit | 20 | 20 | 100% |
| Mirai | 23 | 23 | 100% |
| RedLine | 19 | 19 | 100% |
| TrickBot | 20 | 20 | 100% |
| Vidar | 20 | 20 | 100% |
| WannaCry | 20 | 20 | 100% |
| njRAT | 20 | 20 | 100% |
| AgentTesla | 19 | 20 | 95% |
| Ryuk | 19 | 20 | 95% |
| XWorm | 19 | 20 | 95% |
| Stealc | 18 | 20 | 90% |
| FormBook | 16 | 20 | 80% |
| Total | 413 | 422 | 97.9% |
Detection threshold: MEDIUM or above. Results independently verifiable from committed corpus JSONL.
16 out of 21 families at 100% detection. Only FormBook below 90%.
Detection performance is reported honestly. Inflated metrics serve no one.
Five Live Test Results
| # | File | Type | Verdict | Lens A Entropy | Lens C SF |
|---|---|---|---|---|---|
| 1 | 01_clean.png | PNG | LOW | 1.585 b/b | 0.047 |
| 2 | 02_clean.zip | ZIP | MEDIUM | 4.805 b/b | 0.674 |
| 3 | 03_WannaCry.dll | DLL | CRITICAL | 6.748 b/b | 0.910 |
| 4 | 04_LockBit.exe | EXE | CRITICAL | 7.246 b/b | 0.953 |
| 5 | CV - slot 5.pdf | PDF | CRITICAL | 7.873 b/b | 0.991 |
Test 5 is intentional. A benign PDF was flagged CRITICAL because PDF internal compression produces near-maximum spectral flatness. The platform explained exactly why. That is the point.
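The byte-level metrics described under Lens A and Lens C, and the Test 5 effect, can be reproduced with a short script. This is an added example, not EAIVP's code: it uses only the Python standard library, substitutes averaged unwindowed periodograms (Bartlett's method) for Welch PSD, and the function names, the 64-byte segment length and the sample data are assumptions constructed for illustration.

```python
import cmath, math, zlib
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Lens A style metric: Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def spectral_flatness(data: bytes, seg: int = 64) -> float:
    """Lens C style metric: geometric mean / arithmetic mean of the PSD.

    The PSD is averaged over non-overlapping, unwindowed segments (Bartlett's
    method), a simplified stand-in for Welch; seg=64 is an assumption.
    """
    twiddle = [cmath.exp(-2j * math.pi * k / seg) for k in range(seg)]
    nseg = len(data) // seg
    psd = [1e-12] * (seg // 2)              # bins 1..seg/2; floor avoids log(0)
    for s in range(nseg):
        block = data[s * seg:(s + 1) * seg]
        mean = sum(block) / seg             # remove DC so the offset does not dominate
        x = [b - mean for b in block]
        for k in range(1, seg // 2 + 1):
            coeff = sum(x[t] * twiddle[k * t % seg] for t in range(seg))
            psd[k - 1] += abs(coeff) ** 2 / nseg
    geo_mean = math.exp(sum(math.log(p) for p in psd) / len(psd))
    return geo_mean / (sum(psd) / len(psd))

# Constructed samples (not from the EAIVP corpus).
TEXT = "".join(f"invoice {i} total {i * i * 7919 % 100003}\n"
               for i in range(1500)).encode()
SAMPLES = {
    "plain text": TEXT[:8192],                       # benign, low entropy
    "byte ramp": bytes(range(256)) * 32,             # every byte value equally often
    "zlib-compressed text": zlib.compress(TEXT, 9),  # benign, but compressed
}

def analyse(data: bytes) -> tuple[float, float]:
    """Return (entropy in bits/byte, spectral flatness) for one sample."""
    return shannon_entropy(data), spectral_flatness(data)

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        h, sf = analyse(data)
        print(f"{name:22s} entropy={h:.3f} b/b  flatness={sf:.3f}")
```

The byte ramp shows that the two metrics are separate measurements (maximum entropy, low flatness). The compressed sample scores high on both despite being benign, the same effect the page reports for Test 5.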
Tech Stack
| Component | Technology |
|---|---|
| Backend | Python 3.11, Flask |
| Detection | Shannon entropy, YARA, NumPy pixel analysis, Welch PSD spectral analysis |
| AI Narrative | Google Gemini 2.5 Flash |
| PDF Reports | WeasyPrint (HTML/CSS) |
| Frontend | React, TypeScript, Three.js, Vite |
| Infrastructure | Docker, Supabase, MalwareBazaar API |
| Runtime | Chromebook Crostini Linux |
EU AI Act Article 15
EAIVP is designed with EU AI Act Article 15 transparency requirements in mind, coming into force August 2026. Every automated verdict is accompanied by a human-readable explanation. No black box verdicts. No unexplained outputs.
Author
Lawrence Cue, Independent Developer, Mensor XAI, Ashford, Kent, UK
This system is built for forensic analysis assistance. Results should be reviewed by a qualified security professional before any legal or operational action is taken.