Inspiration

We were inspired to bridge the gap between complex cybersecurity tools and everyday users by creating an accessible, voice-activated security analyst. Our goal was to leverage the reasoning capabilities of modern Multi-Modal AI to demystify malware analysis and make data forensics approachable for everyone.

What it does

Detective AI uses specialized agents to perform secure static and dynamic malware analysis inside isolated sandboxes, generating comprehensive threat reports. Users can interact with the system entirely through voice to upload data, request visualizations, and listen to audible summaries of potential security risks.

How we built it

We developed a modern full-stack application to orchestrate a backend of agents. The system integrates ElevenLabs for natural voice interaction and Daytona sandboxes to safely execute and monitor suspicious code in real time.

Challenges we ran into

One major hurdle was coordinating the asynchronous communication between multiple AI agents while ensuring low latency for a smooth conversational voice interface. We also faced significant complexity in safely capturing telemetry from the isolated sandboxes to accurately detect malicious behaviors without compromising the host system.

Accomplishments that we're proud of

We successfully implemented a robust multi-stage malware analysis pipeline that combines static code evaluation with dynamic execution monitoring to calculate precise risk scores. We are also proud of the seamless reporting feature that allows the AI to explain complex technical findings and data visualizations in clear, conversational language.

What we learned

We learned valuable lessons about the critical importance of secure execution environments when automating code analysis and the nuances of prompting LLMs for specific security contexts. The project also taught us effective patterns for building multi-agent architectures that can handle distinct tasks like data visualization and threat detection simultaneously.

What's next for Detective AI

We plan to expand support for a wider variety of file formats and integrate real-time global threat intelligence feeds to enhance detection accuracy. Future versions will also include proactive remediation features, allowing the agent to automatically suggest and apply security patches to vulnerable systems.

LOOM RECORDING https://www.loom.com/share/a10454a61d414a0ab43a4fa5af279bfb

Built With

  • daytona
  • elevenlabs
  • sentry