CyberShield AI Agent

Inspiration

Modern cloud networks are constantly bombarded with security threats. Monitoring tools like Dynatrace flag these issues, but security teams often struggle to analyze and patch them in real-time. We were inspired to build an intelligent, autonomous agent that not only detects threats but instantly tells you how to fix them using AI.

What it does

CyberShield AI Agent is a next-generation security dashboard. It integrates cloud observability data with the Google Gemini API. The dashboard features a dual-mode system: a Demo Mode to simulate active threats (like SQL Injection or Log4j) and generate comprehensive AI Analysis Reports with step-by-step mitigation plans, and a Live Mode that confirms a 100% secure infrastructure status.

How we built it

We developed the core logic using Python and built the user interface with Streamlit, customizing it with a premium cyber-dark and neon-glow CSS theme. We utilized the Google Gemini API as our cognitive AI engine to ingest simulated threat logs, evaluate overall system safety percentages, and output actionable security patches. Version control and documentation were managed entirely on GitHub.

Challenges we ran into

One of the main challenges was designing a dynamic UI that could seamlessly switch between live secure telemetry and high-threat demo logs without crashing. Fine-tuning the prompt engineering for Gemini to ensure it consistently returned structured, accurate mitigation steps rather than generic advice was also a rigorous process.

Accomplishments that we're proud of

We are incredibly proud of creating a sleek, highly responsive, and production-ready security dashboard. Achieving an end-to-end simulation where the AI cuts down incident response times from hours to seconds—delivering an instant threat analysis report—is a huge win for us.

What we learned

We gained deep insights into combining enterprise observability tools with Generative AI. We mastered custom theme engineering in Streamlit, advanced prompt structuring for security contexts using the Gemini API, and learned how to model real-world vulnerabilities like RCE and SQL injections realistically.

What's next for CyberShield AI Agent

The next step is to fully productionize the live data pipeline by directly integrating live webhooks from a Dynatrace tenant. We also plan to implement an automated patching feature where the AI agent can safely execute scripts to fix minor vulnerabilities autonomously with human-in-the-loop approval.

Built With

css
markdown
python
streamlit

Submitted to

Google Cloud Rapid Agent Hackathon

Created by

In this hackathon, my primary focus was to bridge the critical gap between complex multi-cloud observability and autonomous cybersecurity mitigation using advanced AI.
My key contributions include:
Architecture & Ideation: Conceived and engineered the core architecture of CyberShield AI Agent, transforming Gemini Pro from a passive assistant into an active, autonomous cloud security copilot.
Observability Integration: Built the continuous security telemetry pipeline by leveraging the Dynatrace MCP Server to ingest live, high-volume Google Cloud Platform (GCP) logs in real-time.
Autonomous Threat Hunting Engine: Developed and optimized complex Dynatrace Query Language (DQL) streams to filter out noise and instantly isolate critical attack footprints, such as Log4Shell (RCE) and SQL Injection (SQLi) probes.
Zero-Trust Automated Remediation: Programmed the automated feedback loop that translates Gemini's contextual threat intelligence into actionable, immediate security blueprints—including Google Cloud Armor WAF rules to block attacker IPs at the edge, secure parameterized Python code patches, and strict Kubernetes Network Policies for instant workload isolation.
Compliance Automation: Standardized the agent's final output to generate a SOC-2 compliant JSON incident report, making it ready for enterprise SIEM platforms like Google Chronicle.
By orchestrating this end-to-end loop, I successfully managed to reduce the traditional Mean Time to Respond (MTTR) from 120 minutes of manual audit to just 15 seconds—providing a true blueprint for the future of autonomous cloud defense.

MD. ABDUR RAHMAN HRIDOY
Tech enthusiast and college student. Eager to learn, collaborate, and build innovative projects at hackathons.

Updates

MD. ABDUR RAHMAN HRIDOY posted an update — May 24, 2026 05:15 AM EDT

Project Update: CyberShield AI Agent is Live! We are thrilled to post our official development log for CyberShield AI Agent! Here is a breakdown of how the project evolved from an idea to a fully functioning autonomous security copilot: Phase 1: The Pipeline Setup Connected GCP Cloud Logging with the Dynatrace MCP Server using Dynatrace Query Language (DQL) to catch live threats instantly. Phase 2: Integrating Gemini Pro Fed the live DQL streams into Gemini Pro, training the model to read context and separate true Indicators of Compromise (IoC) from normal background noise. Phase 3: Automated Remediation Loop Coded the feedback loop to automatically generate Google Cloud Armor WAF rules and strict Kubernetes Network Policies to isolate workloads in under 15 seconds.

Log in or sign up for Devpost to join the conversation.

MD. ABDUR RAHMAN HRIDOY started this project — May 24, 2026 12:05 AM EDT

Leave feedback in the comments!

Log in or sign up for Devpost to join the conversation.