PROJECT STORY
INSPIRATION
Financial crime is increasingly hybrid in nature. Cybersecurity teams detect account compromises and phishing attacks, while anti-money laundering (AML) systems monitor suspicious financial activity. However, these systems typically operate independently and lack meaningful cross-correlation.
We were motivated by this structural gap. If a compromised account is flagged by a SOC team and abnormal financial behavior is detected by AML systems, those signals should not remain isolated. ANCHOR was built to connect these domains and enable coordinated detection.
WHAT WE BUILT
ANCHOR is a hybrid cyber–financial intelligence platform that correlates cybersecurity alerts with financial transaction behavior.
The system:
Ingests SOC and AML alerts
Detects transaction burst behavior within defined time windows
Builds a real-time transaction graph for network visibility
Computes a unified network risk score
Uses Google Gemini for structured correlation reasoning
Anchors critical alerts to blockchain for immutable auditability
The central principle is controlled escalation. AI reasoning is triggered only when predefined conditions are met, such as the presence of both SOC and AML signals combined with behavioral anomalies. This reduces false positives while maintaining detection depth.
HOW WE BUILT IT
Backend Intelligence Engine
We developed a unified Flask backend responsible for alert ingestion, transaction ingestion, burst detection, risk scoring, AI invocation control, and blockchain interaction. The backend aggregates cross-domain signals and determines whether escalation to the AI layer is justified.
Data Layer
MongoDB stores alerts and transactions. This enables real-time reconstruction of financial activity, timeline generation, and dynamic graph construction for network analysis.
Graph-Based Analysis
Transactions are modeled as a directed graph where nodes represent accounts and edges represent transfers. This structure allows identification of shared mule accounts, transaction chains, clustered activity, and circular laundering patterns. The frontend visualizes this graph using a canvas-based rendering engine.
AI Correlation Layer
Google Gemini evaluates structured risk inputs such as network risk score, burst detection status, and transaction clustering behavior. It returns a correlation decision, a confidence score, and a recommended action. AI invocation is gated behind deterministic validation logic to ensure stability and reduce over-escalation.
Blockchain Anchoring
Critical alerts are hashed and written to an Ethereum smart contract. Each anchored alert receives a transaction hash and block number. Identity data is protected using HMAC hashing before anchoring, ensuring consistent representation across institutions while preserving privacy.
Blockchain anchoring provides tamper-proof audit integrity, chronological traceability, and regulatory defensibility.
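One way to implement the anchoring step described above, as an added example that is not ANCHOR's own code. The shared key, field names, identifier normalization, SHA-256 digest and canonical JSON encoding are assumptions; the sample alert is constructed.

```python
import hashlib
import hmac
import json

# Assumption: a secret key shared by participating institutions (constructed demo value).
SHARED_KEY = b"constructed-demo-key-not-for-production"

def pseudonymize(identity: str, key: bytes = SHARED_KEY) -> str:
    """Keyed HMAC-SHA256 of an identifier. An unkeyed hash of a low-entropy
    account ID could be reversed by enumerating candidate IDs."""
    # Assumption: identifiers are normalized so every institution derives the same value.
    normalized = identity.strip().upper().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()

def build_anchor_record(alert: dict, key: bytes = SHARED_KEY) -> dict:
    """Keep only audit fields and replace the raw account with its pseudonym."""
    return {
        "alert_id": alert["alert_id"],
        "severity": alert["severity"],
        "risk_score": alert["risk_score"],
        "timestamp": alert["timestamp"],
        "account": pseudonymize(alert["account"], key),
    }

def anchor_digest(record: dict) -> str:
    """SHA-256 over canonical JSON, so key order and whitespace cannot change the digest."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def verify_anchor(record: dict, anchored_digest: str) -> bool:
    """Recompute the digest of a stored record and compare it to the anchored value."""
    return hmac.compare_digest(anchor_digest(record), anchored_digest)

# Constructed sample alert (hypothetical field names).
SAMPLE_ALERT = {
    "alert_id": "A-0001",
    "severity": "critical",
    "risk_score": 87,
    "timestamp": "2024-01-01T00:00:00Z",
    "account": "ACC-1001",
}

if __name__ == "__main__":
    record = build_anchor_record(SAMPLE_ALERT)
    digest = anchor_digest(record)  # this value is what would be written on-chain
    print("record:", record)
    print("digest:", digest)
    print("verifies:", verify_anchor(record, digest))
```

Only the digest needs to go on-chain; the pseudonymized record stays in the off-chain store and is re-verified against the anchored digest during an audit.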
CHALLENGES
Integration Stability: Maintaining strict consistency between backend responses and frontend graph rendering required careful schema alignment.
AI Output Reliability: Large language models may return formatted responses instead of strict JSON. We implemented parsing controls and fallback logic to maintain stability.
Realistic Data Simulation: We created structured fraud scenarios including shared mule accounts and transaction chains to stress-test the system.
Architectural Discipline: We consolidated services into a single backend to reduce deployment complexity and improve reliability.
WHAT WE LEARNED
Fraud detection benefits from combining deterministic logic with structured AI reasoning. Graph visualization significantly improves interpretability of financial behavior. Blockchain is most effective when used for integrity guarantees rather than raw data storage. Controlled escalation reduces unnecessary AI invocation and improves precision.
CONCLUSION
ANCHOR demonstrates how cybersecurity intelligence, financial monitoring, AI reasoning, and blockchain integrity can be unified into a single detection pipeline. The result is a structured and scalable framework for identifying coordinated financial crime with improved transparency and auditability.