Inspiration

In 2025, Hong Kong recorded a record 15,877 cyber incidents, a 27% surge from the prior year, with phishing accounting for 57% of cases. SMEs face escalating AI-driven threats such as agent misuse and supply chain attacks, compounded by 2026 regulatory mandates and the absence of in-house IT expertise.

What it does

FortressAI is a full-stack, container-native platform that deploys a trio of agentic AI defenders for proactive protection. Recon Agent: continuously scans networks for vulnerabilities and misconfigurations. Simulation Agent: executes AI-powered red-team simulations, generating realistic attack scenarios to test defenses. Response Agent: automates remediation, whether patching flaws, quarantining threats, or spinning up secure tunnels (modeled on ExpressVPN's architecture). Powered by ML anomaly detection via isolation forests, intelligent orchestration delivers self-healing autonomy, outpacing reactive, static tools.

How we built it

Backend: We used FastAPI (Python) for its async-native design, which was critical for handling concurrent blockchain API calls without blocking. Business logic lives in dedicated service modules: wallet monitoring, token approval scanning, phishing URL detection, and smart contract analysis. All threat detection uses heuristic, deterministic scoring models that combine signals from the Etherscan API (transaction history), GoPlus Security (address/token risk flags), and crowd-sourced phishing feeds (MetaMask's eth-phishing-detect, PhishTank). This keeps responses fast and explainable without any ML inference overhead.
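To make the "deterministic and explainable" property concrete, here is an added example of a weighted-rule scorer in the same spirit; it is not FortressAI's own code. The signal fields, rule names and point weights are assumptions chosen for illustration, and the inputs are constructed stand-ins for what the Etherscan, GoPlus and phishing-feed lookups would return, so nothing here touches the network.

```python
"""Added example (not FortressAI's code): a deterministic, explainable
address risk score that combines the three signal families described
above. Every weight and threshold below is an assumption, not a value
taken from the project."""
from dataclasses import dataclass, field


@dataclass
class AddressSignals:
    """Constructed stand-in for the signals the lookups would return."""
    address: str
    tx_count: int                     # size of transaction history (Etherscan-style)
    age_days: int                     # days since first observed transaction
    risk_flags: set = field(default_factory=set)   # GoPlus-style flags, e.g. "honeypot"
    in_phishing_feed: bool = False    # listed by eth-phishing-detect / PhishTank style feed


# (rule name, predicate over the signals, points added). Weights are assumed.
RULES = [
    ("listed_in_phishing_feed", lambda s: s.in_phishing_feed, 60),
    ("honeypot_flag", lambda s: "honeypot" in s.risk_flags, 40),
    ("blacklist_flag", lambda s: "blacklisted" in s.risk_flags, 30),
    ("new_address", lambda s: s.age_days < 7, 15),
    ("low_activity", lambda s: s.tx_count < 5, 10),
]


def score_address(signals: AddressSignals) -> dict:
    """Sum the points of every rule that fires, cap at 100, and return the
    list of fired rules so the verdict can be explained to the analyst."""
    points = 0
    reasons = []
    for name, predicate, weight in RULES:
        if predicate(signals):
            points += weight
            reasons.append(f"{name} (+{weight})")
    score = min(points, 100)
    if score >= 60:
        verdict = "high"
    elif score >= 30:
        verdict = "medium"
    else:
        verdict = "low"
    return {"address": signals.address, "score": score,
            "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample: a days-old, barely used address listed by a phishing feed.
    sample = AddressSignals("0xPLACEHOLDER", tx_count=2, age_days=1,
                            in_phishing_feed=True)
    print(score_address(sample))
```

Because the rules are a flat, ordered table, the output carries its own justification (`reasons`), which is what makes the score auditable without a model in the loop; a real deployment would tune the weights against labelled incident data rather than guess them as done here.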

Frontend: We went with Next.js 14 + TypeScript, styled with Tailwind CSS, and animated with Framer Motion. The demo dashboard features a live attack visualization with a Hong Kong threat map, terminal-style output panels, and real-time charts (Recharts). The Guardian dashboard handles wallet registration, alert triage, and contract/URL analysis.

Real-Time Alerts: Socket.IO (Python server + JS client) delivers threat alerts to authenticated users instantly over WebSocket. JWT tokens authenticate both REST requests and WebSocket connections, with user-to-socket mappings maintained server-side.

Data Layer: PostgreSQL (with TimescaleDB extensions for time-series metrics) stores users, wallet profiles, alerts, and audit logs via SQLAlchemy 2.0. Redis handles API response caching (15-min TTL for blockchain data) and serves as the Celery task broker for async notification delivery. Alerts fan out to Discord webhooks, Telegram bots, SendGrid (email), and Twilio (SMS), all fire-and-forget via Celery workers so notification failures never block threat processing.

Compliance Logging: Each event gets a SHA-256 digest, designed to attach to a Hyperledger Fabric peer for immutable on-chain audit trails, with a simulated fallback if the peer is unavailable.

Infrastructure: The entire stack runs locally with a single docker compose up (7 services: frontend, backend, Celery worker, PostgreSQL, Redis, Hyperledger). Kubernetes manifests in infra/k8s/ target AWS EKS with Karpenter auto-scaling for production.

Multi-Chain Support: The platform monitors wallets across 7 EVM chains (Ethereum, BSC, Polygon, Arbitrum, Optimism, Avalanche, Base) with chain-specific USD price conversion and Etherscan's V2 multi-chain API.
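The compliance-logging design above (a SHA-256 digest per event, anchored to a ledger, with a simulated fallback when the peer is down) is easier to reason about with a worked example, so here is an added one that is not the project's code. It hash-chains each digest to the previous one so that a tamper anywhere in the log is detectable locally, and swaps in an in-memory ledger when submission fails. The `FabricPeerStub` class and its `submit` method are placeholders standing in for whatever Fabric client the project uses; they are assumptions, not a real SDK interface.

```python
"""Added example (not FortressAI's code): SHA-256 hash-chained audit
events with a simulated-ledger fallback when the peer is unavailable.
FabricPeerStub is an assumed placeholder, not the Fabric SDK."""
import hashlib
import json

GENESIS = "0" * 64   # previous-digest value for the first record


def canonical_json(event: dict) -> bytes:
    """Serialise deterministically (sorted keys, no whitespace) so the
    same event always yields the same digest, whatever dict order it had."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


def event_digest(event: dict, prev_digest: str) -> str:
    """SHA-256 over the previous digest and the canonical event bytes."""
    h = hashlib.sha256()
    h.update(prev_digest.encode())
    h.update(canonical_json(event))
    return h.hexdigest()


class PeerUnavailable(Exception):
    """Raised by the (stub) peer client when the ledger cannot be reached."""


class FabricPeerStub:
    """Placeholder for a Fabric peer client (assumed interface)."""
    def __init__(self, available: bool):
        self.available = available

    def submit(self, record: dict) -> str:
        if not self.available:
            raise PeerUnavailable("peer unreachable")
        return "on-chain"


class AuditLog:
    """Appends hash-chained records; falls back to a simulated ledger
    (a local list) when the peer rejects the submission."""
    def __init__(self, peer: FabricPeerStub):
        self.peer = peer
        self.records = []
        self.prev = GENESIS

    def append(self, event: dict) -> dict:
        digest = event_digest(event, self.prev)
        record = {"event": event, "prev": self.prev, "digest": digest}
        try:
            record["backend"] = self.peer.submit(record)
        except PeerUnavailable:
            record["backend"] = "simulated"   # degrade, but never drop the event
        self.records.append(record)
        self.prev = digest
        return record


def verify_chain(records: list) -> bool:
    """Recompute every digest; any edited event or broken link returns False."""
    prev = GENESIS
    for r in records:
        if r["prev"] != prev or event_digest(r["event"], prev) != r["digest"]:
            return False
        prev = r["digest"]
    return True


if __name__ == "__main__":
    # Constructed sample events; the peer is deliberately unavailable here.
    log = AuditLog(FabricPeerStub(available=False))
    log.append({"type": "alert", "wallet": "0xPLACEHOLDER", "action": "quarantine"})
    log.append({"type": "remediation", "wallet": "0xPLACEHOLDER", "action": "revoke_approval"})
    print(verify_chain(log.records), [r["backend"] for r in log.records])
```

The fallback keeps the chain intact even while records are only simulated, so once the peer is back the same digests can be anchored without re-hashing; the check that matters operationally is that `verify_chain` fails the moment any stored event is altered after the fact.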

Challenges we ran into

We couldn't simulate wallet drain since most available services have tight restrictions on them. Contract analysis currently combines explorer metadata, risk feeds and heuristic checks, not full symbolic execution in the cluster by default. Some provider features require API keys that we need to pay for, and may fall back to cached or partial signals without them.

Accomplishments that we're proud of

We were able to implement wallet monitoring, a token approval scanner, a smart contract analyzer, a phishing URL checker, alert management and SIEM / IDS / firewall ingestion endpoints. We were also able to connect real-time alert push over Socket.IO.

What we learned

Building cybersecurity solutions requires in-depth knowledge to be able to identify how certain attacks occur. We had to go back to resources, YouTube videos and people in the field to create a useful solution. Also, it was our first time building a solution that utilized a VPN, so we had to spend hours figuring out how to make it work.

What's next for Fortress AI

We plan on testing it out with companies that face such challenges to see how we can improve the application. We also plan on targeting other attacks such as SQL injection.

Theme - Cybersecurity
