Inspiration
Digital forensics often starts after the damage is done. We were inspired by how long it takes to identify what really happened in a security incident and how disconnected the data is from the human behavior behind it. We wanted to build something that tells the story as it unfolds.
What it does
Cognitive Sentinel is an AI-powered behavioral anomaly detection tool that combines real-time activity tracking with forensic reporting. Users interact through a simple command-prompt interface that logs their activities. Admins enter an activity ID and immediately get an anomaly score, the features that deviate from the user's baseline, and a natural-language forensic report generated by AI. It brings clarity to chaos instantly.
How we built it
We used React and Next.js for the frontend, creating two key interfaces: a user console and an admin terminal. The backend runs Python with scikit-learn and NumPy to calculate Mahalanobis and cosine-based anomaly scores. An AI layer powered by GPT generates the forensic narratives. Everything is connected in real-time with WebSockets, and user auth is managed with NextAuth.
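The scoring step described above, as an added illustration rather than the project's own code: it fits a baseline from a user's normal sessions, then scores a new activity with a Mahalanobis distance (how far the activity sits from the baseline once feature spread and correlation are accounted for), a scaled cosine divergence (whether the shape of the activity differs, independent of its volume), and a per-feature z-score attribution that names the "deviant features" an admin sees. The project does this with NumPy and scikit-learn; this version is plain Python so it runs anywhere. The feature names, baseline rows, activity IDs, thresholds and the template narrative standing in for the GPT layer are all constructed assumptions.

```python
"""Mahalanobis + scaled-cosine anomaly scoring with per-feature attribution.

Added illustration, not the Cognitive Sentinel code. Feature set, baseline
rows, activity IDs and thresholds are constructed assumptions.
"""
import math
from typing import Dict, List

FEATURES = ["commands_per_min", "distinct_hosts", "bytes_out_kb", "failed_logins"]

# Constructed baseline: one row per normal session for a single user.
BASELINE: List[List[float]] = [
    [12, 2, 40, 0], [15, 3, 55, 1], [9, 2, 30, 0], [14, 2, 48, 0],
    [11, 3, 42, 1], [13, 2, 50, 0], [10, 3, 35, 0], [16, 2, 60, 1],
]

# Constructed activity log, keyed by the activity ID an admin would type.
ACTIVITIES: Dict[str, List[float]] = {
    "act-1001": [13, 2, 50, 0],    # indistinguishable from the baseline
    "act-1002": [60, 14, 900, 9],  # everything scaled up: bulk-transfer pattern
    "act-1003": [12, 2, 45, 9],    # normal volume, but a burst of failed logins
}

MAHALANOBIS_THRESHOLD = 3.0  # assumption: beyond 3 "sigma-equivalents" is anomalous
Z_THRESHOLD = 2.0            # assumption: a single feature is deviant beyond 2 sigma


def invert(m: List[List[float]]) -> List[List[float]]:
    """Gauss-Jordan inverse with partial pivoting (matrix is small and regularized)."""
    n = len(m)
    a = [row[:] + [1.0 if i == j else 0.0 for j in range(n)] for i, row in enumerate(m)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(a[r][col]))
        a[col], a[pivot] = a[pivot], a[col]
        p = a[col][col]
        a[col] = [v / p for v in a[col]]
        for r in range(n):
            if r != col and a[r][col] != 0.0:
                f = a[r][col]
                a[r] = [rv - f * cv for rv, cv in zip(a[r], a[col])]
    return [row[n:] for row in a]


def fit(rows: List[List[float]]) -> Dict[str, object]:
    """Mean, sample covariance (ridge-regularized) and its inverse for the baseline."""
    n, d = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(d)]
    cov = [[sum((r[i] - mean[i]) * (r[j] - mean[j]) for r in rows) / (n - 1)
            for j in range(d)] for i in range(d)]
    for i in range(d):
        cov[i][i] += 1e-6  # ridge term: stays invertible when features are collinear
    return {"mean": mean, "cov": cov, "inv_cov": invert(cov),
            "std": [math.sqrt(cov[i][i]) for i in range(d)]}


def mahalanobis(x: List[float], model: Dict[str, object]) -> float:
    """sqrt((x - mu)^T S^-1 (x - mu)): distance in units of the baseline's spread."""
    dev = [xi - mi for xi, mi in zip(x, model["mean"])]
    inv = model["inv_cov"]
    return math.sqrt(sum(dev[i] * inv[i][j] * dev[j]
                         for i in range(len(dev)) for j in range(len(dev))))


def cosine_anomaly(x: List[float], model: Dict[str, object]) -> float:
    """1 - cos(angle) between the activity and the baseline mean, per-feature scaled
    by std first; without scaling, byte counts would dominate the angle."""
    xs = [xi / s for xi, s in zip(x, model["std"])]
    ms = [mi / s for mi, s in zip(model["mean"], model["std"])]
    dot = sum(a * b for a, b in zip(xs, ms))
    return 1.0 - dot / (math.hypot(*xs) * math.hypot(*ms))


def deviant_features(x: List[float], model: Dict[str, object]):
    """Features whose z-score exceeds Z_THRESHOLD, largest deviation first."""
    z = [(name, (xi - mi) / s)
         for name, xi, mi, s in zip(FEATURES, x, model["mean"], model["std"])]
    flagged = [(name, round(v, 2)) for name, v in z if abs(v) >= Z_THRESHOLD]
    return sorted(flagged, key=lambda t: -abs(t[1]))


def score_activity(activity_id: str, model: Dict[str, object]) -> Dict[str, object]:
    """What the admin terminal would return for one activity ID."""
    x = ACTIVITIES[activity_id]
    md = mahalanobis(x, model)
    return {"activity_id": activity_id, "mahalanobis": round(md, 2),
            "cosine_anomaly": round(cosine_anomaly(x, model), 3),
            "is_anomaly": md > MAHALANOBIS_THRESHOLD,
            "deviant_features": deviant_features(x, model)}


def narrative(report: Dict[str, object]) -> str:
    """Template stand-in for the GPT-generated forensic brief (assumption)."""
    verdict = "ANOMALOUS" if report["is_anomaly"] else "within baseline"
    feats = ", ".join(f"{n} ({z:+.1f} sd)" for n, z in report["deviant_features"]) or "none"
    return (f"Activity {report['activity_id']} is {verdict}: Mahalanobis "
            f"{report['mahalanobis']} (threshold {MAHALANOBIS_THRESHOLD}), shape "
            f"divergence {report['cosine_anomaly']}. Features out of profile: {feats}.")


if __name__ == "__main__":
    model = fit(BASELINE)
    for act_id in ACTIVITIES:
        print(narrative(score_activity(act_id, model)))
```

The two scores answer different questions: act-1002 is far from the baseline by Mahalanobis distance but keeps a similar shape (low cosine divergence, every feature scaled up together), while act-1003 has normal volume and a very different shape because one feature, failed_logins, carries the whole deviation. Reporting both, plus the ranked deviant features, is what lets the narrative layer say not just "this is anomalous" but why.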
Challenges we ran into
We hit early roadblocks with environment setup, real-time streaming bottlenecks, and making statistical results understandable. Translating vectors into stories was harder than expected, but that’s what makes this project different.
Accomplishments that we're proud of
- Single-command triage: analysts move from cryptic IDs to full incident reports in under 10 seconds.
- Self-explanatory AI briefs: early testers with no forensics background could retell what happened, and why, after reading one report.
- Crazy-small footprint: the core anomaly service ships as a 47 MB container, deployable at the network edge.
- Privacy by design: captured activities are hashed on the client; only the hash and deltas hit the server.
What we learned
Human context is just as important as technical accuracy. AI isn’t just about detection—it’s about communication. And a well-designed developer experience is key to real-world adoption.
What's next for Cognitive Sentinel
- Embeddings-powered behavior fingerprints for non-numeric data (URLs, repo names, registry keys).
- Chain-of-custody PDF export, timestamped and cryptographically signed.
- Integrations with SIEMs (Splunk, Elastic) so Sentinel becomes an overlay, not a rip-and-replace.
- Adaptive thresholds using online learning, aiming to reduce false positives by 30% in the first week of deployment.
Built With
- fastapi
- mongodb
- python
- react
- react-vite
- sonarapi
- typescript