CognitoForge - Ai

Inspiration

We were inspired by the increasing complexity of software supply chains and the need for proactive security. Traditional tools just report vulnerabilities; we wanted to build something that could think like an attacker and give actionable insights in real time.

What it does

CognitoForge-AI is an AI-powered security reconnaissance platform. It ingests a GitHub repository, simulates potential attacks, highlights vulnerabilities, and produces actionable insights. The platform also tracks affected files, assesses severity, and integrates with tools like Snowflake and DigitalOcean Gradient to store and simulate data securely.

How we built it

We built the backend with Python and FastAPI, integrating the Gemini API to generate AI-driven attack plans. The frontend uses Vite/React with environment-based configurations for flexibility. For data persistence, we used Snowflake to store simulation results and insights, while Gradient (mocked) lets us simulate advanced AI processing. We made sure everything is modular, scalable, and testable end-to-end.

Challenges we ran into

Managing integration between multiple systems backend, frontend, Snowflake, and AI simulations was tricky. We also had to mock certain services like DigitalOcean Gradient due to credit constraints. Ensuring that AI-generated plans were accurate and actionable while handling errors gracefully was a learning curve.

Accomplishments that we're proud of

Seamless backend-frontend integration with environment-based configuration.
Successful AI-driven attack simulation with actionable reports.
Snowflake integration for secure, persistent storage of simulation data.
Mocked Gradient integration, showing readiness for cloud AI workflows.

What we learned

We learned how to coordinate multi-service integrations under tight deadlines, design AI prompts for realistic attack simulations, and build scalable, modular architecture that can grow beyond the hackathon.

What's next for CognitoForge-AI

Full real DigitalOcean Gradient integration once credits are available.
Expand AI attack plans to cover more exploit scenarios.
Build historical trend analytics on security reports to help developers anticipate risks.
Optimize performance and UX for faster report generation and clearer insights.

Built With

auth0
azure
digitalocean
docker
fastapi
gemini
git
javascript
jq
python
react
snowflake
typescript
vercel
vite
vscode

Submitted to

Open Source Hackfest
- Winner Best Use of Snowflake API

Created by

I developed **CognitoForge AI** as a comprehensive solution to bridge the gap between traditional security tools and modern AI-driven threat analysis. As the sole developer, I built the entire full-stack platform from the ground up, integrating cutting-edge technologies including Google Gemini 2.0 Flash for intelligent attack scenario generation, Snowflake for enterprise-grade analytics, and Auth0 for secure authentication. The platform leverages Next.js 14 with TypeScript on the frontend and FastAPI with Python on the backend, creating a seamless experience for security professionals to analyze repositories and simulate realistic attack vectors based on the MITRE ATT&CK framework.

My technical implementation focuses on three core pillars: intelligent automation, data-driven insights, and enterprise security. I engineered the Gemini AI integration to generate contextual attack plans with 95% confidence, implemented retry logic with exponential backoff for reliability, and built comprehensive input sanitization to prevent command injection and API key leakage. The real-time analytics dashboard I developed aggregates data from multiple sources—local simulations, Snowflake warehouse, and DigitalOcean Gradient compute—providing security teams with actionable insights into vulnerability distributions, historical trends, and AI-powered vs. rule-based scan performance. Every line of code follows industry best practices with type safety (TypeScript and Pydantic), secure credential management, CORS configuration, and comprehensive API documentation through OpenAPI/Swagger.

Beyond the technical architecture, I've focused on creating an accessible, production-ready platform that serves both individual developers and enterprise security teams. The project includes extensive documentation, l, Auth0 setup instructions, and integration tutorials for Snowflake and Gradient. I've implemented the MIT open-source license to encourage community contributions while maintaining enterprise-grade security standards. This project represents my commitment to democratizing AI-powered security analysis—making advanced threat modeling accessible to development teams of all sizes while maintaining the rigor and reliability required for production security operations.

Bhoomi Awhad
Nabil Shaikh
Code. Debug. Secure. | Python & C++ Dev | Linux/AOSP Explorer | Future Cybersecurity Specialist