Aegis Shield Seed-V2

Aegis is a self-healing cyber engine bridging Windows logs to Gemini Live. It offers sub-200ms multimodal threat reasoning and Firestore-backed recovery for a resilient, autonomous SOC sentinel.

Comment

Inspiration

The inspiration for Aegis came from the realization that modern Security Operations Centers SOCs are overwhelmed by noise. Traditional systems are reactive and fragile. We wanted to build a "Living Sentinel"—an agent that doesn't just monitor logs but understands them through a persistent neural link, possessing the "immune system" to heal itself when infrastructure fails.

What it does

Aegis is a real-time, autonomous "Cyber Engine" that transforms raw, messy system logs into actionable security intelligence using the Gemini 2.0 Multimodal Live API.

Unlike traditional security dashboards that just show graphs, Aegis acts as a Digital Sentinel that:

Siphons Live Telemetry: It creates a direct "Neural Bridge" from the Windows Operating System to the cloud, streaming Event Logs (Security, Application, and System) with sub-200ms latency.

Reasons in Real-Time: Utilizing the multimodal power of Gemini, it doesn't just look for keywords; it understands the intent behind logs to identify sophisticated attacks like brute-force attempts or unauthorized privilege escalations.

Self-Heals on Failure: Built for resilience, Aegis features a Reflexive Recovery Loop. If the network connection drops or the system crashes, it automatically hydrates its analytical context from a Firestore persistence layer, ensuring the "Sentinel" never stops watching.

Quantum Sensing Dashboard: It provides a "UNI-STATE" visualization of System Entropy and Detection Confidence, giving security teams a clear, immediate view of their infrastructure's health and security posture.

How we built it

Aegis is built on a high-performance, bidirectional architecture designed for sub-200ms latency:

Neural Link: We utilized the Gemini 2.0 Multimodal Live API via a custom WebSocket bridge to stream raw Windows telemetry.

The Bridge: A PowerShell-based "Siphon" tails local Windows Event Logs and pushes them to a Python-based FastAPI backend.

State Management: We integrated Google Firestore using a diag_ session prefix to store short-term "Neural Memory."

Frontend: A Next.js "UNI-STATE" dashboard provides real-time visualizations of System Entropy and Detection Confidence.

Challenges we ran into

The biggest hurdle was Hydration and Synchronization. Bridging a local Windows environment with a cloud-based LLM in real-time meant battling CORS headers and WebSocket handshake timeouts. We overcame this by implementing a "Pulse" protocol that maintains a heartbeat between the local PowerShell siphon and the Gemini Live session, ensuring that no threat log is dropped during a network jitter.

Accomplishments that we're proud of

Sub-200ms Neural Latency: We successfully built a pipeline that siphons raw Windows Event Logs and gets a reasoning response from Gemini Live in under 200ms. Achieving "Human-speed" threat detection was our primary goal.

The "Reflexive" Self-Healing Loop: We are incredibly proud of our Firestore-backed recovery system. If the WebSocket drops, the agent doesn't lose its "mind"—it pulls its last state from the diag_ cache and resumes analysis without missing a single log entry.

Multimodal Logic Bridge: We didn't just send text; we built a bridge that allows a cloud-based AI to "feel" the pulse of a local machine’s operating system.

Zero-Jitter Ingestion: Overcoming the Windows permission hurdles to create a stable, non-blocking PowerShell-to-FastAPI siphon that runs continuously in the background.

Winning the "Pyre2 Battle": Despite local server crashes and environment challenges in the final hour, we maintained system integrity and proved that the Aegis architecture is resilient enough to deploy under extreme pressure.

What we learned

We mastered the art of Multimodal Handshakes. We learned that feeding raw binary chunks of system logs into a live AI stream requires precise protocol alignment. We also discovered the power of Reflexive Prompting—teaching the AI to recognize when its own connection is failing and to initiate a self-recovery sequence using cached session data.

What's next for Aegis Shield Seed-V2

Zero-Human-Touch Deployment: Transitioning from manual log ingestion to an automated, "agentless" deployment model that can be pushed across thousands of enterprise endpoints via Group Policy or MDM.

Predictive Entropy Modeling: Implementing long-term trend analysis where Gemini doesn't just react to current logs, but predicts potential breaches based on subtle shifts in System Entropy over weeks of data.

Active Defense Protocols: Moving beyond "Detection" to "Neutralization"—enabling Aegis to automatically trigger firewall rules, isolate compromised VLANs, or revoke user credentials the millisecond a high-confidence threat is identified.

Cross-Platform Sentinel: Expanding the siphoning bridge to support Linux (Syslog/Auth.log) and Cloud AWS CloudTrail /GCP Audit Logs, creating a truly unified, multimodal security mesh.

Advanced "Neural Playbooks": Developing a library of automated response playbooks that Gemini can execute based on the specific context of a detected incident.

Built With

  • antigravity-adk
  • fastapi
  • gcp
  • gemini2.0
  • google-ai-studio
  • google-antigravity
  • google-firestore
  • lucide-react
  • next.js14
  • node.js
  • powershell
  • python3.11
  • quantum-sensing
  • rest-apis
  • tailwind-css
  • vercel
  • websockets
Share this project:

Updates