Inspiration

Security analysts are drowning in noise. A typical SOC (Security Operations Center) receives thousands of alerts daily, far too many for humans to investigate thoroughly. We noticed that while existing tools can flag an anomaly, they rarely explain why it matters or what to do next.

We asked: What if we could build an AI agent that doesn't just read logs, but "thinks" like a Level 3 Security Analyst?

That’s why we built CyberSentinel. We wanted to harness the multimodal reasoning of Gemini 3 to move beyond simple pattern matching into true autonomous threat analysis.

What it does

CyberSentinel is an intelligent security dashboard that acts as a force multiplier for security teams.

Autonomous Ingestion: It ingests raw, unstructured server logs (firewall drops, auth failures, system events).

Cognitive Analysis: Instead of simple regex, it uses Gemini 3 to reason about the event in context. It asks: "Is this just a failed login, or is it the start of a lateral movement attack?"

Instant Response Plans: For every detected threat, it generates a structured, step-by-step remediation plan (e.g., "Block IP 192.168.x.x," "Isolate Host"). Each step is a proposal for the analyst to act on, not an action the system takes on its own.

Real-Time Feed: A live, reactive dashboard that prioritizes critical threats over low-level noise.

How we built it

We built CyberSentinel with a focus on speed and interactivity.

Frontend: Built with React and Vite for a snappy, responsive UI. We used Tailwind CSS for a modern, dark-mode "hacker" aesthetic.

AI Engine: The core brain is Google Gemini 3 Flash. We chose Flash for its low latency, which keeps log analysis close to real time.

Backend: A Python FastAPI service (hosted on Render) handles the data pipeline.

Authentication: Firebase Auth provides secure, multi-tenant user management.

Architecture: We implemented a "human-in-the-loop" design: the AI proposes hypotheses and actions, and the analyst accepts or rejects each one, so nothing is executed without a human decision.
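As an added example (not the project's code) of the human-in-the-loop design in Python: the model's plan arrives as JSON, is strictly validated against an allowlist of action kinds, waits in a queue until a named analyst approves it, and only then reaches an enforcement hook. The JSON shape, the action names, the constructed model outputs and the hook interface are all assumptions. This is also the gate an auto-remediation mode would have to keep, because the text the model reasons over comes from logs an attacker can influence.

```python
"""Human-in-the-loop gate: the model proposes, the backend validates, a named analyst
approves, and only then do enforcement hooks run. Added example, not CyberSentinel code;
the JSON shape, action names and hooks are assumptions."""
import ipaddress
import json
from dataclasses import dataclass
from typing import Callable

ALLOWED_ACTIONS = {"block_ip", "isolate_host", "reset_password", "notify"}
ALLOWED_SEVERITIES = {"low", "medium", "high", "critical"}

class PlanValidationError(ValueError):
    """Model output failed strict validation; nothing from it may be acted on."""

@dataclass
class Action:
    kind: str
    target: str
    rationale: str

@dataclass
class Plan:
    plan_id: str
    severity: str
    actions: list[Action]
    status: str = "proposed"  # proposed -> approved | rejected -> dispatched

def parse_model_plan(raw: str, plan_id: str) -> Plan:
    """Strict parse: unknown keys, unlisted action kinds and non-IP targets are rejected, not fixed up."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise PlanValidationError(f"not JSON: {exc}") from None
    if not isinstance(doc, dict) or set(doc) != {"severity", "actions"}:
        raise PlanValidationError("expected exactly {severity, actions}")
    if doc["severity"] not in ALLOWED_SEVERITIES:
        raise PlanValidationError(f"bad severity {doc['severity']!r}")
    actions = []
    for a in doc["actions"]:
        if not isinstance(a, dict) or set(a) != {"kind", "target", "rationale"}:
            raise PlanValidationError("expected exactly {kind, target, rationale}")
        if a["kind"] not in ALLOWED_ACTIONS:
            raise PlanValidationError(f"action {a['kind']!r} is not allowlisted")
        if a["kind"] in ("block_ip", "isolate_host"):
            try:
                ipaddress.ip_address(a["target"])
            except ValueError:
                raise PlanValidationError(f"{a['kind']} target is not an IP address") from None
        actions.append(Action(a["kind"], str(a["target"]), str(a["rationale"])))
    return Plan(plan_id, doc["severity"], actions)

class ApprovalGate:
    """Holds proposals; hooks fire only for plans a named analyst approved."""
    def __init__(self, hooks: dict[str, Callable[[str], None]]):
        self.hooks, self.plans = hooks, {}

    def propose(self, plan: Plan) -> None:
        self.plans[plan.plan_id] = plan

    def decide(self, plan_id: str, analyst: str, approve: bool) -> Plan:
        plan = self.plans[plan_id]
        if plan.status != "proposed":
            raise RuntimeError(f"{plan_id} already {plan.status}")
        plan.status = "approved" if approve else "rejected"  # analyst identity would be logged here
        return plan

    def dispatch(self, plan_id: str) -> list[str]:
        plan = self.plans[plan_id]
        if plan.status != "approved":  # still proposed, rejected, or already dispatched
            raise PermissionError(f"{plan_id} is {plan.status}, not approved")
        for a in plan.actions:
            self.hooks[a.kind](a.target)
        plan.status = "dispatched"
        return [f"{a.kind}:{a.target}" for a in plan.actions]

# Constructed model outputs: a well-formed plan, and one asking for an action the backend
# does not allowlist (rejected at parse time, so no hook can ever see it).
GOOD_PLAN = json.dumps({"severity": "high", "actions": [
    {"kind": "block_ip", "target": "203.0.113.9", "rationale": "4 usernames tried in 2 s"},
    {"kind": "notify", "target": "soc-oncall", "rationale": "confirm no login succeeded"}]})
BAD_PLAN = json.dumps({"severity": "critical", "actions": [
    {"kind": "disable_firewall", "target": "web1", "rationale": "cleanup"}]})

def demo() -> dict:
    fired: list[str] = []
    gate = ApprovalGate({k: (lambda t, k=k: fired.append(f"{k}:{t}")) for k in ALLOWED_ACTIONS})
    gate.propose(parse_model_plan(GOOD_PLAN, "plan-1"))
    try:
        gate.dispatch("plan-1")  # proposed but not yet approved: must refuse
        refused = False
    except PermissionError:
        refused = True
    gate.decide("plan-1", "analyst@example.com", approve=True)
    done = gate.dispatch("plan-1")
    try:
        parse_model_plan(BAD_PLAN, "plan-2")
        bad_rejected = False
    except PlanValidationError:
        bad_rejected = True
    return {"early_dispatch_refused": refused, "done": done, "fired": fired,
            "bad_plan_rejected": bad_rejected, "status": gate.plans["plan-1"].status}
```

The two checks worth keeping whatever the real hooks look like: the parser rejects any shape it was not told to expect instead of repairing it, and `dispatch` only ever runs against a plan whose status a person changed to approved.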

Challenges we ran into

Handling Ambiguity: Raw logs are messy. Teaching the AI to distinguish between a "forgotten password" and a "brute force attack" required careful prompt engineering to leverage Gemini's reasoning capabilities.

Real-time Latency: Security needs to be fast. We optimized our API calls to ensure the analysis feels instant, using Gemini 3 Flash's low latency to our advantage.

Full-Stack Integration: Connecting a Vercel frontend to a Render backend introduced complex CORS and deployment challenges that we had to solve under pressure!

Accomplishments that we're proud of

The "Brain" of the System: Seeing Gemini correctly identify a subtle "low-and-slow" attack pattern from a raw log text was a huge "aha!" moment.

Sleek UI: We're really proud of the professional, dark-mode dashboard—it looks and feels like a real enterprise security tool.

End-to-End Flow: Building a complete auth-to-analysis pipeline in a single hackathon weekend.

What we learned

Agentic Workflows: We learned that AI agents are most powerful when given structured goals (like "analyze this log") rather than open-ended chats.

Gemini's Reasoning: We were impressed by Gemini 3's ability to infer intent from sparse data.

Deployment Resilience: We learned valuable lessons about building resilient frontends that fail gracefully even when backend services are under load.

What's next for CyberSentinel

Auto-Remediation: Giving the agent permission to execute the blocks it recommends (via API hooks to firewalls). Because the text the agent reasons over is log content an attacker can influence, execution will stay behind an allowlist of permitted actions and an approval step.

Multimodal Inputs: Analyzing screenshots of suspicious emails or RDP sessions.

Team Collaboration: Adding shared workspaces for analyst teams to hunt threats together.
