Autonomous Cyber-Security & Service Orchestrator (ACSO)

The ACSO is a multi-agent Agentic AI system that transforms IT, shifting management from reactive "firefighting" to proactive security, service, and growth, increasing MSP profitability by 38%.

Comment

Inspiration

Our inspiration stemmed from a fundamental frustration we share with every IT and MSP team: the endless cycle of "firefighting." Modern IT management is predominantly reactive—waiting for an alert, responding to a ticket, and fixing a known problem. This drains resources, leaves critical vulnerabilities exposed, and stifles innovation. We realized that simple automation is not enough; we needed a system that was goal-driven, proactive, and capable of independent decision-making, much like a human expert. The rise of sophisticated Agentic AI technologies provided the blueprint for building this expert system, finally allowing IT teams to shift from tactical survival to strategic growth.

What it does

The ACSO is a singular, comprehensive multi-agent system that unifies three core business functions—cybersecurity, service delivery, and financial performance—into a cohesive, self-improving platform.

Proactive Security: It moves beyond simple intrusion detection by deploying a Threat Hunter Agent that continuously sifts through data to find hidden threats before they trigger alarms.

Intelligent Service: A Service Orchestration Agent autonomously categorizes and routes support tickets with high accuracy, automating routine administrative tasks and reducing manual processing time by up to 70%.

Financial Intelligence: It identifies and acts on upselling opportunities (like hardware upgrade recommendations) directly from support ticket analysis, driving a projected 15-25% increase in hardware sales.

In short, the ACSO replaces a fragmented, reactive stack with one autonomous orchestrator.

How we built it

We designed the ACSO using a robust, layered AWS architecture centered around a multi-agent collaboration framework.

Core Agentic Foundation: We utilized Amazon Bedrock Agents to define our key roles: a high-level Supervisor Agent (the brain) and specialized sub-agents (Threat Hunter, Service Orchestration, Financial Intelligence).

Orchestration Logic: The Supervisor Agent receives a high-level goal (e.g., "Ensure the environment is secure") and uses LLMs to break it down into a sequence of actionable steps, delegating tasks like vulnerability scanning and patch deployment to the appropriate sub-agents.

Tooling and Action: Agents execute their actions via the Amazon Bedrock AgentCore Gateway, which connects to simulated external systems (like a patch deployment API or a ticketing system) through secure AWS Lambda functions.

Governance: We implemented Amazon Bedrock Guardrails to ensure the agents’ behavior stays within responsible parameters and enforced a "Human-in-the-Loop" model for all high-stakes decisions.

Challenges we ran into

The primary challenge was managing agent collaboration and state persistence in a hackathon timeframe. Designing the handoffs between the Supervisor Agent and sub-agents—specifically, ensuring one agent's output (e.g., a threat finding) correctly triggers the next agent's action (e.g., incident response)—required meticulous state management. We overcame this by clearly defining the input and output schemas for each agent's tools, allowing the Supervisor to reliably parse the results and route the next step, essentially building a dynamic internal workflow engine.

Accomplishments that we're proud of

True Agentic Workflow: We successfully demonstrated a multi-step, goal-driven workflow where the system operates autonomously, requiring zero human input from the initial goal setting to the final audit trail generation.

Unifying Disparate Functions: We created a novel solution that successfully merges security, service, and finance, proving the platform's immediate value to Managed Service Providers (MSPs). The financial intelligence aspect is a unique differentiator.

Governance First: Integrating the Human-in-the-Loop model from the start ensures the solution is not just powerful, but also safe, reliable, and trustworthy for real-world deployment.

What we learned

We gained deep insight into the practical complexities of building a reliable Agentic Core—specifically how crucial it is to define the boundaries and tool usage for each agent. We learned that the "reasoning" of the LLM is only as effective as the tools and structure it is given, emphasizing the need for robust tool definition and clear state management over relying solely on the LLM's raw capability.

What's next for Untitled

Our immediate next steps are to:

Deepen Integration: Connect the ACSO to real-world, live APIs for popular ticketing and patch management systems to move from simulation to production-readiness.

Predictive Modeling: Leverage the collected data to refine the Predictive Maintenance capability, training the financial agent to forecast hardware failure risks more accurately for premium service offering.

User Experience: Build out the full, interactive Agent Control Panel to provide a single pane of glass for human teams to monitor, approve high-stakes actions, and define custom, high-level business goals.

Built With

  • amazon-api-gateway
  • amazon-bedrock-agentcore
  • amazon-bedrock-agents
  • amazon-bedrock-guardrails
  • amazon-web-services
  • aws-iam
  • bedrock
  • strands-agents
Share this project:

Updates