Inspiration
Antivirus software is overpriced and CPU-heavy. One of our teammates decided to skip buying one, but during a previous hackathon, his entire computer got wiped by a malicious file because of it. We realized that smart, real-time protection shouldn't tank your computer's performance or your wallet. We built Agra to show that next-gen AI can protect your device locally, invisibly, and for free.
What it does
Agra is a local-first antivirus and Endpoint Detection and Response (EDR) system built for modern laptops. A lightweight Windows background agent watches folders like your Downloads and Desktop. The second a new file appears, Agra extracts its features and scores it using a hybrid Machine Learning pipeline. To keep your computer from lagging, Agra converts these AI models to ONNX and offloads 100% of the heavy lifting directly to the laptop’s built-in Intel NPU (Neural Processing Unit). If a file scores a threat level of 70% or higher, Agra instantly deletes it. For borderline suspicious files, a local Ollama LLM runs a quick natural language analysis to explain the safety anomaly. Finally, the agent streams these threat logs up to a FastAPI backend so users can track threats across their account on a live React security dashboard.
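As an added example (not Agra's own code), here is one way the decision step for a new-file event could work: it waits until the file has finished writing before scoring it, then applies the 70% threshold described above. The 0.40 lower edge of the "borderline" band, the partial-download suffixes, and `score_fn` (a stand-in for the ONNX model call) are assumptions.

```python
import hashlib
import os
import time

DELETE_THRESHOLD = 0.70   # from the page: 70% or higher is removed
REVIEW_THRESHOLD = 0.40   # assumption: lower edge of the "borderline" band
PARTIAL_SUFFIXES = (".crdownload", ".part", ".tmp")  # assumption: in-progress downloads


def wait_until_stable(path, interval=0.05, checks=3, timeout=5.0):
    """Return True once size and mtime stay unchanged for `checks` consecutive polls."""
    deadline = time.monotonic() + timeout
    last, stable = None, 0
    while time.monotonic() < deadline:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            return False  # renamed or removed while we waited
        cur = (st.st_size, st.st_mtime_ns)
        stable = stable + 1 if cur == last else 0
        if stable >= checks:
            return True
        last = cur
        time.sleep(interval)
    return False


def triage(path, score_fn):
    """Decide what to do with a newly created file; score_fn(bytes) returns 0.0-1.0."""
    if path.lower().endswith(PARTIAL_SUFFIXES):
        return {"action": "skip", "reason": "partial download"}
    if not wait_until_stable(path):
        return {"action": "skip", "reason": "still being written or gone"}
    with open(path, "rb") as fh:
        data = fh.read()
    score = score_fn(data)
    if score >= DELETE_THRESHOLD:
        action = "delete"
    elif score >= REVIEW_THRESHOLD:
        action = "explain"  # hand off to the local LLM for a readable summary
    else:
        action = "allow"
    # The hash ties the telemetry record to the exact bytes that were scored.
    return {"action": action, "score": score, "sha256": hashlib.sha256(data).hexdigest()}
```

Scoring a file on the first creation event, before the writer has closed it, means the model sees a truncated file; the stability check avoids that at the cost of a short delay.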
How we built it
- The Edge Engine: Built in Python using `watchdog` to catch live Windows file events instantly.
- The ML Pipeline: Trained on the EMBER malware dataset using LightGBM, Random Forest, KMeans, and HDBSCAN.
- NPU Acceleration: Converted our models into ONNX graphs and ran them via Intel's OpenVINO runtime to target the laptop's dedicated AI chip.
- The Cloud Infrastructure: A FastAPI backend deployed on AWS Fargate (ECS) that stores threat telemetry inside an AWS RDS PostgreSQL database.
- The Frontend Console: A real-time dashboard built using React, Vite, and Tailwind CSS, featuring Firebase Authentication, live polling, and interactive metrics.
Challenges we ran into
Testing was the hardest part of the whole project cycle because everyone’s computers were different. One teammate runs Linux, so they couldn't run the native Windows .exe background agent at all. On top of that, two teammates didn't have an NPU chip in their laptops to test the hardware acceleration. Because of this hardware divide, it was up to just one person on the team to debug and test the compiled executable and the live NPU offloading feature to ensure it worked perfectly.
Accomplishments that we're proud of
We are incredibly proud of successfully utilizing the NPU. On most modern laptops, this dedicated AI silicon sits completely idle, while the CPU is choked up running everyday applications. Agra successfully wakes up this idle chip to handle security processing.
We are also proud of the multiple layers of defense we built:
- A blended LightGBM and Random Forest classifier to calculate precise malware probability scores.
- KMeans and HDBSCAN clustering models to group unknown files and catch brand-new, anomalous threat families.
- A local Ollama LLM (Qwen2.5) to give users an instant, human-readable breakdown of suspicious behavior.
We are incredibly proud that we successfully unlocked this hidden hardware acceleration to handle deep security tasks flawlessly.
What we learned
We learned that every computer environment is completely different, and cross-platform hardware development is not easy. We discovered that utilizing a computer's idle, specialized components (like the NPU) dramatically cuts down performance costs and keeps software incredibly lightweight.
We dove deep into the architecture of Neural Processing Units (NPUs) and learned how they differ fundamentally from CPUs and GPUs. By utilizing Intel's OpenVINO to offload Agra's AI scoring engine to the NPU, we bypassed the traditional CPU bottleneck entirely. We learned how to quantize and optimize tree-ensemble models into ONNX graphs so they could run on specialized hardware with near-zero impact on your laptop's battery life or performance.
What's next for Agra
For Agra, we plan to fully link the frontend dashboard to the local background agent so users can easily customize their antivirus settings, adjust sensitivity sliders, and select specific folders to guard. We also want to build the "Hive," a centralized threat database that connects all active accounts globally. The moment a new malware signature or malicious site is flagged on one machine, it will instantly sync to the Hive, automatically protecting every other user on the network before the threat can ever reach them.