Fragments

Inspiration

Modern networks are increasingly complex, but the tools used to understand them are still fragmented, technical, and reactive. Traditional scanners like Nmap provide raw data, but not context or clarity. We wanted to build something that goes beyond scanning a system that interprets network data, highlights risk, and presents it in a way that’s immediately actionable.

A simple idea inspired fragments: What if you could see your network the way an attacker does, clearly, instantly, and intelligently?

What it does

Fragments is an AI-powered network security mapper and defender.

It scans a network, discovers all connected devices, identifies their characteristics (IP, MAC, OS, open ports), and assigns each device a risk score based on real security factors like exposed services and vulnerabilities.

The platform then visualizes the entire network as an interactive graph, allowing users to explore devices, detect anomalies, and identify threats in real time.

On top of that, Fragments includes an AI layer that allows users to ask questions about their network in natural language and receive evidence-backed answers, turning raw scan data into meaningful insight.

How we built it

Fragments is built with a modular full-stack architecture designed for clarity and scalability:

Backend: Python with FastAPI Network scanning using scapy and Nmap Risk scoring and threat detection engine SQLite for structured data storage ChromaDB for vector-based retrieval (RAG) Frontend: Next.js (TypeScript) Interactive network visualization using D3.js Real-time updates via WebSockets Clean, minimal UI following a strict design system AI Layer: Dual-provider architecture supporting both local LLMs (via Ollama) and Claude Retrieval-Augmented Generation (RAG) for context-aware responses Centralized abstraction layer to keep the system provider-agnostic

This approach ensures the system is fast, deterministic, and AI-enhanced without being AI-dependent.

Challenges we ran into

One of the biggest challenges was balancing real-time network scanning with system performance. Gathering detailed device data while keeping scans fast required careful orchestration and optimization.

Another major challenge was designing a clean abstraction layer for LLMs. We needed the flexibility to switch between local and cloud models without rewriting code, which required strict architectural discipline.

We also faced complexity in visualizing network topology in a way that was both accurate and intuitive. Building a dynamic, force-directed graph that updates in real time while remaining readable was non-trivial.

Accomplishments that we're proud of

We’re especially proud of building a system that combines deterministic security analysis with AI reasoning in a meaningful way.

Fragments doesn’t just collect data; it interprets it, scores it, and explains it.

Other highlights include:

A fully functional real-time network visualization engine A deterministic risk scoring model that produces consistent results A clean LLM abstraction layer that supports multiple providers seamlessly A polished UI that makes complex network data easy to understand

What we learned

Through this project, we learned the importance of strong system design and clear boundaries between components. Keeping the backend, frontend, and AI layers decoupled made the system significantly easier to build and extend.

We also gained experience in balancing traditional cybersecurity techniques with modern AI capabilities, understanding when to rely on deterministic logic versus AI-driven interpretation.

Finally, we learned how critical user experience is in security tools, even the most powerful analysis is useless if it isn’t clear and actionable.

What's next for Fragments

Fragments will evolve from a single-network tool into a distributed security platform.

Next steps include expanding to multi-site deployments with lightweight scanner agents and building toward a city-wide dashboard where organizations can share anonymized risk data to improve collective security.

On the product side, we’re adding a RAG-powered security chatbot for natural language investigation and a compliance engine that generates reports from standards like NIST and HIPAA.

Long term, our goal is to create a shared cyber defense layer that helps organizations detect and respond to threats together, not in isolation.