Inspiration
My inspiration for Aegis came from a deep dive into the real-world challenges faced by the financial technology industry. After reviewing the AWS Lambda Hackathon resources, I was drawn to the practical application examples, particularly the idea of building solutions for real-world business problems. The financial services industry is grappling with a massive and growing threat from sophisticated payment fraud, with losses projected in the billions.
I learned that traditional fraud detection systems are often too slow, relying on batch processing that leaves a critical window for fraudsters to inflict damage. They are also inflexible, built on rigid rule engines that can't keep up with new attack vectors. This latency and rigidity result not only in financial loss but also in a frustrating and trust-eroding experience for customers. This sparked the core idea for Aegis: to build a security system that wasn't just a passive detector but an active, intelligent, and autonomous defender, transforming security from a point of friction into a trust-building experience.
What it does
Aegis is an AI-powered security agent designed for FinTech companies. It doesn't just detect fraudulent transactions in real time; it orchestrates an immediate and automated response. When a transaction is identified as high risk, Aegis acts within milliseconds to block the transaction, lock the user's account to prevent further damage, notify the customer via SMS, and automatically create an investigation ticket for human analysts.
The core of the system is a fundamental shift from passive flagging to active, agentic remediation. Instead of simply creating an alert for a human to review, an AI agent, built on Amazon Bedrock, serves as the "cognitive core." It reasons about the threat and dynamically executes a multi-step remediation workflow. For the end-user, this means near-instantaneous protection and communication. For fraud analysts, Aegis provides a "Command Center" web application for real-time visibility and control. It also includes a customer-facing mobile app that allows users to instantly confirm or deny suspicious transactions, creating a seamless and interactive security partnership.
How I built it
Aegis is built on a highly decoupled, event-driven serverless architecture, with AWS Lambda at its heart, fulfilling the core requirement of the hackathon.
Ingestion & Scoring: The process starts when a financial transaction is published to an Amazon Kinesis Data Stream. I chose Kinesis for its ability to handle high-throughput, ordered data streams. A Lambda function (Transaction-Scoring-Function) is triggered by new records on the stream. This function enriches the transaction data with the customer's history from Amazon DynamoDB and then calls an Amazon Bedrock model (like Anthropic's Claude 3 Haiku) to generate a fraud probability score.
Decoupling with EventBridge: If the score exceeds a set threshold, the scoring Lambda doesn't trigger the response directly. Instead, it publishes a HighRiskTransactionDetected event to a custom Amazon EventBridge event bus. This was a crucial design choice to decouple the detection and remediation logic, a serverless best practice.
Orchestration & Remediation: An EventBridge rule listens for this event and invokes an AWS Step Functions state machine. I used Step Functions to manage the multi-step remediation workflow because it provides essential resilience, error handling, and a detailed audit trail, which is non-negotiable for a critical financial process.
The Agentic Core: The Step Functions workflow invokes a Bedrock Agent. I equipped this agent with a toolkit of other single-purpose Lambda functions: lock_user_account, send_alert (using Amazon SNS), and create_ticket. The agent's behavior is defined by a natural language prompt and an OpenAPI schema, allowing it to reason and decide which tools to use in what order to achieve its goal of remediating the threat.
User Experience: For the human-in-the-loop, I designed two front-end applications. The Fraud Operations Command Center is a Next.js and React 19 web app that gives analysts a real-time feed of threats and agent actions. The Customer Security Companion is a React Native mobile app that provides customers with interactive push notifications to immediately confirm or deny transactions. Both interfaces are powered by Lambda functions exposed via Amazon API Gateway.
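The ingestion, scoring and EventBridge steps above, sketched as an added example (not the project's own code): it decodes a Kinesis batch, accepts the model's reply only if it is a well-formed score, and builds the PutEvents entries. The bus name, source, threshold, the `fraud_score` reply key, the transaction field names and the `TransactionUnscorable` detail type are assumptions.

```python
import base64
import json

# Assumed values, not taken from the project: bus name, source and threshold.
EVENT_BUS = "aegis-events"
EVENT_SOURCE = "aegis.transaction-scoring"
THRESHOLD = 0.8

def kinesis_event(*txns):
    """Constructed sample input: transactions wrapped as Lambda delivers Kinesis records."""
    return {"Records": [
        {"kinesis": {"data": base64.b64encode(json.dumps(t).encode()).decode()}}
        for t in txns]}

def parse_score(model_text):
    """Return the fraud score only if the model replied with JSON holding a number in [0, 1]."""
    try:
        score = json.loads(model_text)["fraud_score"]
    except (ValueError, KeyError, TypeError):
        return None
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return None
    # NaN fails both comparisons, so it is rejected here as well.
    return float(score) if 0.0 <= score <= 1.0 else None

def build_entries(event, score_fn):
    """Turn a Kinesis batch into EventBridge PutEvents entries.

    score_fn(txn) stands in for the DynamoDB enrichment plus Bedrock call and
    returns the model's raw text. A reply that cannot be parsed is routed to a
    separate detail type (assumed name) instead of being dropped or auto-remediated.
    """
    entries = []
    for record in event.get("Records", []):
        txn = json.loads(base64.b64decode(record["kinesis"]["data"]))
        score = parse_score(score_fn(txn))
        if score is not None and score <= THRESHOLD:
            continue  # does not exceed the threshold: no event
        detail_type = ("HighRiskTransactionDetected" if score is not None
                       else "TransactionUnscorable")
        entries.append({
            "EventBusName": EVENT_BUS,
            "Source": EVENT_SOURCE,
            "DetailType": detail_type,
            "Detail": json.dumps({"transaction_id": txn["transaction_id"],
                                  "user_id": txn["user_id"],
                                  "fraud_score": score}),
        })
    return entries  # in Lambda: boto3.client("events").put_events(Entries=entries)
```

PutEvents accepts at most 10 entries per call, so a larger batch has to be sent in chunks.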
Challenges I ran into
Building a system that operates in real time with high stakes presented several challenges. First, ensuring the remediation workflow was both resilient and fully auditable was critical. A simple chain of Lambda calls would be too brittle. I overcame this by using AWS Step Functions, which provided the built-in error handling, retries, and visual audit history required for a financial-grade process.
Another challenge was designing the system to be agile and adaptable to new fraud patterns. Hard-coding the remediation logic into a Lambda function would make it difficult to update. The "Aha!" moment was realizing I could use a Bedrock Agent as the cognitive core. This decouples the business policy (the "what") from the technical implementation (the "how"). Now, to change the response logic, I can often just update the agent's natural language instructions and its toolset, rather than rewriting and deploying code.
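With the response policy held in the agent's instructions, fixed constraints can still be enforced in the tool layer. An added example (not the project's own code) of a dispatcher in front of the three tools named earlier: it allow-lists tools and parameters, binds every call to the user and transaction of the triggering event, and skips repeats on retry. The parameter names, incident fields and the `done` store are assumptions.

```python
# Tool names come from the page; parameter names and the incident shape are assumptions.
ALLOWED_TOOLS = {
    "lock_user_account": {"user_id"},
    "send_alert": {"user_id", "message"},
    "create_ticket": {"user_id", "transaction_id", "summary"},
}

class ToolCallRejected(Exception):
    """Raised when an agent-requested call falls outside the fixed constraints."""

def authorize(incident, tool, params):
    """Validate a tool call requested by the agent (untrusted model output)
    against the incident detail that started the workflow (trusted)."""
    allowed = ALLOWED_TOOLS.get(tool)
    if allowed is None:
        raise ToolCallRejected(f"tool not in allow-list: {tool!r}")
    unexpected = set(params) - allowed
    if unexpected:
        raise ToolCallRejected(f"unexpected parameters: {sorted(unexpected)}")
    if params.get("user_id") != incident["user_id"]:
        raise ToolCallRejected("user_id does not match the incident")
    if "transaction_id" in params and params["transaction_id"] != incident["transaction_id"]:
        raise ToolCallRejected("transaction_id does not match the incident")

def dispatch(incident, tool, params, handlers, done):
    """Authorize, then run each (transaction, tool) pair once.

    `done` is an in-memory set standing in for a durable record, so a retried
    workflow step does not lock the account or text the customer twice.
    """
    authorize(incident, tool, params)
    key = (incident["transaction_id"], tool)
    if key in done:
        return "duplicate-skipped"
    handlers[tool](**params)
    done.add(key)  # recorded only after the handler succeeded
    return "executed"

if __name__ == "__main__":
    incident = {"transaction_id": "t-1001", "user_id": "u-42"}  # constructed sample
    handlers = {name: (lambda **kw: None) for name in ALLOWED_TOOLS}
    print(dispatch(incident, "lock_user_account", {"user_id": "u-42"}, handlers, set()))
```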
Finally, creating a truly real-time feel for the analyst dashboard without the complexity of a full WebSocket API for the proof-of-concept was a hurdle. I solved this by having the front-end poll a dedicated Lambda function that read the latest entries from CloudWatch Logs. It was a simple yet effective way to demonstrate the agent's actions updating live on screen.
Accomplishments that I’m proud of
I am most proud of successfully designing and architecting a system that embodies a paradigm shift from passive detection to active, agentic remediation. This isn't just another fraud alert system; it's an autonomous agent that takes decisive action.
I'm also proud of the architecture itself. It's a sophisticated, event-driven system that correctly applies the right tool for the right job: Kinesis for high-throughput ingestion, Lambda for core compute, EventBridge for decoupling, Step Functions for resilient orchestration, and Bedrock for the AI-driven "brains." This adherence to serverless best practices makes the system scalable, resilient, and maintainable.
Finally, I'm proud of the focus on user experience for both the fraud analyst and the end customer. The Command Center provides transparency and builds trust between the human analysts and the AI, while the customer companion app turns a potentially stressful event into a simple, interactive, and empowering experience.
What I learned
This project was a tremendous learning experience. I gained a deep, practical understanding of serverless architectural patterns and best practices. I learned how to effectively use EventBridge to build decoupled and extensible systems, and how to orchestrate complex, stateful workflows using AWS Step Functions.
The biggest takeaway was the power of combining serverless compute with generative AI. Building the Bedrock Agent was a revelation. It showed me how to move beyond simple automation and create systems that can reason, make decisions, and use tools to perform complex tasks autonomously. I also learned how to craft effective prompts and OpenAPI specifications to reliably guide the agent's behavior. On the front-end, I had the chance to work with the latest features in React 19, like the useOptimistic hook, to build a highly responsive and modern user interface.
What's next for Aegis
The current version of Aegis provides a solid foundation, but there are many exciting directions for its future.
Expand the Agent's Toolkit: I plan to add more tools to the Bedrock Agent's action group, allowing it to perform more nuanced remediation actions, such as placing temporary holds on specific merchants, challenging transactions with 3D Secure, or even initiating automated chargebacks.
Enhanced AI Capabilities: I want to incorporate more sophisticated machine learning models for the fraud scoring engine. This could involve training a custom model on historical data or using more advanced features from Bedrock's model selection.
Proactive Intelligence: I envision Aegis evolving from a reactive agent to a proactive one. It could analyze transaction patterns to predict and flag potentially compromised accounts before a fraudulent transaction even occurs, truly living up to its name as a shield for modern finance.
Built With
- amazon-api-gateway
- amazon-bedrock
- amazon-cloudwatch
- amazon-dynamodb
- amazon-eventbridge
- amazon-kinesis-data-streams
- amazon-sns
- amazon-web-services
- amazon-web-services-(aws)
- aws-lambda
- aws-step-functions
- expo.io
- javascript
- nativewind
- next.js-15
- openapi-3.0
- python
- react-19
- react-native
- sdk
- tailwind-css
- typescript