Aegis Vault
Inspiration
We kept asking ourselves one question: what happens to every bank account in the world the day a quantum computer becomes powerful enough to break RSA?
The answer is terrifying, and it's not a distant hypothetical. Intelligence agencies and nation-state actors are already running "harvest now, decrypt later" campaigns, intercepting encrypted financial traffic today and stockpiling it for the day quantum hardware catches up. NIST launched an emergency 8-year standardization program in 2016 specifically because of this. HSBC partnered with Quantinuum. The EU passed the Cyber Resilience Act. The entire financial infrastructure of the world is quietly racing against a clock most people don't know is ticking.
We wanted to build something that made that threat visible, and showed what the defense actually looks like in practice.
What it does
Aegis Vault is a real-time, quantum-safe financial security platform with three integrated layers:
Quantum Encryption Layer, Every transaction is encrypted using CRYSTALS-Kyber-1024, the key encapsulation mechanism selected by NIST as a post-quantum standard. We generate real Kyber-1024 keypairs, produce real 1,568-byte ciphertexts, and store them in the transaction ledger. The Red Team Lab runs a live demonstration: RSA gets cracked on-screen in seconds via Pollard's Rho factorization, while a Kyber-1024 brute-force attempt at 10¹⁵ operations per second shows an ETA of 10³⁰ years.
Live Transaction Engine, A FastAPI backend streams real financial transactions over WebSocket every 2.5 seconds. Each one carries an anomaly score, encryption metadata, and a quantum verification status. Everything is persisted to SQLite.
Aegis AI, Autonomous Self-Healing, When a threat is detected, no human is in the loop. Aegis auto-freezes accounts and rolls back transactions in under a second based on behavioral scoring. Three attack scenarios are demoed live: velocity attacks, large transfer anomalies, and credential replay, all caught and neutralized in real time.
How we built it
We built the entire stack in 24 hours.
The backend is Python + FastAPI, with WebSocket endpoints driving the live dashboard. The anomaly detection engine scores every transaction against velocity, amount, and signature rules, then broadcasts freeze/rollback events to all connected clients instantly. We used kyber-py for real CRYSTALS-Kyber-1024 key generation and encapsulation, not a simulation, actual lattice-based cryptography running per transaction. SQLite via aiosqlite gives us async persistence without the overhead of a full database server.
The frontend is Next.js 15 with the App Router, TypeScript, Tailwind CSS v4, and Recharts for the analytics charts. We built two complete frontend variants, a focused dashboard and a richer command-center layout, both connected to the same live backend. The Aegis chat interface is backed by GPT-4o-mini with a system prompt that makes it speak like an embedded security copilot, not a generic assistant.
We also built bank_node.py and internet_node.py as standalone simulation scripts, a bank node that processes transactions and an internet node that simulates adversarial traffic, letting us demo the full attack surface independently of the UI.
Challenges we ran into
Making cryptography legible. Real Kyber-1024 ciphertexts are 1,568 bytes of opaque binary. Making that mean something to a judge who isn't a cryptographer, in under 5 minutes, required building the Red Team Lab comparison from scratch. Showing RSA crack in real time next to a Kyber brute-force attempt that would take longer than the universe has existed is the only explanation that actually lands.
WebSocket state synchronization. The dashboard has five panels that all update from the same WebSocket stream, transaction feed, Aegis event log, account statuses, fraud counter, and response time stats. Keeping them consistent under rapid-fire events (especially during attack simulations that fire 10 transactions in 2 seconds) required careful broadcast sequencing and client-side state management.
Embedded git repos. Both frontend directories had their own .git folders, which meant they committed as submodule pointers instead of actual files. We caught it post-push and had to strip the nested .git folders and force-push clean history.
Scope discipline in 24 hours. The roadmap had ML anomaly detection, QRNG entropy seeding, and PDF audit log export. We cut all of it and shipped the rule-based engine instead. It demos better anyway, deterministic behavior means the attack simulation always works, every time, in front of judges.
Accomplishments that we're proud of
Real post-quantum cryptography, not theater. Every "encrypted" transaction in the dashboard has an actual Kyber-1024 ciphertext behind it, generated from a real keypair using a reference implementation of a NIST-standardized algorithm. Most hackathon crypto projects fake this.
Sub-second autonomous response. The Aegis engine detects, freezes, and rolls back in under 1 second with no human in the loop. That's not a UI trick, it's the backend detecting the anomaly, updating SQLite, and broadcasting the freeze event over WebSocket before the next transaction fires.
Three innovations in one build. Post-quantum KEM, autonomous self-healing, and live red-team comparison. Any one of them would be a complete project. We shipped all three.
Two complete frontends. We built the dashboard twice, once as a focused security monitor, once as a full command-center with a Deus AI chat interface and multi-page navigation. Both are connected to the live backend.
What we learned
Quantum cryptography is not actually hard to implement, the hard part is knowing which algorithm to use, why it works, and what threat it's defending against. CRYSTALS-Kyber-1024 isn't magic; it's a lattice-based key encapsulation mechanism whose security rests on the hardness of the Module Learning With Errors problem, which remains intractable even for quantum computers. Understanding that took longer than writing the code.
We also learned that the best demo is one where the threat is visceral. Telling judges "RSA is broken by quantum computers" lands differently than showing them RSA crack in 3 seconds while Kyber sits completely unaffected. Build for the moment of realization, not for the explanation.
And: scope cut early beats scope cut at demo time. Every feature we removed in hour 8 was a feature that would have broken in hour 23.
What's next for Aegis Vault
QRNG entropy seeding — Call the ANU Quantum Vacuum Fluctuation API to seed Kyber keypairs with provably random entropy from quantum vacuum fluctuations. Replaces CSPRNG with actual quantum randomness.
ML anomaly detection — Replace the rule-based scorer with a scikit-learn Isolation Forest trained on the live transaction stream. Scores drift as the model learns normal behavior, catching novel attack patterns the rule engine would miss.
Kyber decapsulation verification — Run Kyber1024.decaps(sk, ciphertext) per transaction, assert shared secrets match, and surface a cryptographic "✓ Verified" badge in the feed. Right now we encapsulate; full round-trip verification is the next step.
SOC2 audit log PDF export — Generate a compliance-ready PDF of the Aegis event log via reportlab. One button, instant artifact for a security audit.
liboqs bindings — Replace kyber-py (pure Python) with the official liboqs Python bindings for production-grade performance. Same algorithm, orders of magnitude faster key generation and encapsulation.
Log in or sign up for Devpost to join the conversation.