Inspiration

Developers often unknowingly expose sensitive information, such as API keys, access tokens, and credentials, by uploading code, .env files, or configuration files to public repositories on platforms like GitHub. These inadvertent leaks can lead to security vulnerabilities and privacy violations. We wanted to solve this problem by providing a tool that helps developers automatically detect and fix privacy issues in their code.

What it does

CAPΔ is an AI-powered chatbot that helps developers detect and fix privacy issues in their code. By scanning user-submitted code, CAPΔ identifies all sensitive data present within the code, such as API keys and emails. CAPΔ then presents the user with potential privacy fixes, improving the security and compliance of the code.

After reviewing the changes given by CAPΔ, users are able to provide additional instructions for which fixes they want implemented, or give additional suggestions and feedback.

How we built it

Frontend: We used Lynx, a fast and efficient framework, to create the interactive UI and handle user inputs.

Backend: FastAPI was used for creating a highly performant backend that handles user requests, interacts with the LLM, and serves privacy suggestions and fixes.

LLM Integration: The Qwen 2.5 Coder model powers the natural language processing and privacy issue detection, helping to identify sensitive data and generate fixes.

The entire system works together to deliver real-time results while maintaining data privacy and security.

Challenges we ran into

Local LLM prompting: Integrating a local LLM model like Qwen 2.5 Coder to generate the desired responses was a challenge. We had to fine-tune the prompting process to ensure the model correctly identifies and suggests privacy fixes without misinterpreting the input.

Real-time updates: Ensuring that the chatbot dynamically adjusts its responses based on user feedback and suggestions required careful management of state and prompt engineering.

Accomplishments that we're proud of

Fully integrated application: We successfully integrated a seamless flow between the frontend, backend, and LLM, allowing users to submit code, get privacy fixes, and interact with the chatbot in real time.

What we learned

LLM prompting: We learned how to optimize and experiment with prompting to get the most relevant and accurate responses from the LLM for privacy issue detection. This experience deepened our understanding of how to effectively use pre-trained models for specialized tasks.

User interaction design: We gained valuable insights into designing an interactive, user-friendly chatbot that adapts based on user input and feedback.

What's next for CapΔ

Enhanced detection capabilities: We plan to extend CAPΔ's detection to more types of sensitive information, such as credit card numbers and secret keys, with additional NLP models.

Geo-location detection in images: CAPΔ will be enhanced to detect geo-locations in images, helping developers identify and mask location-based metadata or privacy-sensitive details embedded in images before sharing them in public repositories.

Deeper integration with code repositories: We aim to integrate CAPΔ with popular GitHub repositories, allowing developers to automatically scan and fix privacy issues in their code before committing.
