Inspiration

Why do only well-funded organizations get to know if they're secure? Nonprofits — food banks, women's shelters, community health clinics — handle some of the most sensitive personal data imaginable, yet a professional penetration test costs between $5,000 and $50,000. That's completely out of reach for organizations running on donations and volunteer hours. Meanwhile, the attacks keep coming. In 2024 alone, the Hamilton Community Foundation lost $920,000 to business email compromise, Philabundance lost $923,000 to the same type of attack, the IWK Foundation had donor data compromised via ransomware, and CIRO exposed the personal information of 750,000 investors in a massive breach. Every one of these organizations couldn't afford to know they were vulnerable before it was too late. HackBear was built to change that.

What it does

HackBear is a portable, covert, AI-powered penetration testing device hidden inside a teddy bear — built specifically for nonprofits that can't afford a traditional security assessment. You plug it in, walk away, and by morning you have a professional penetration testing report showing exactly what vulnerabilities exist on your network, ranked by severity, with plain-English recommendations. No IT team. No security expertise required. No subscription fee.

How we built it

The core is a Raspberry Pi 4 (4GB) running Kali Linux ARM, small enough to fit inside a standard teddy bear but powerful enough to run local AI models. An Alfa AWUS036ACH WiFi adapter handles monitor mode and packet injection — capabilities the Pi's built-in WiFi can't support. A PiSugar Battery HAT provides portable power, and a MEMS microphone handles passive audio capture. On the software side, Nmap and Bettercap handle network reconnaissance, Pwnagotchi passively collects WiFi handshakes, and the Shodan API enriches findings with external OSINT. The AI brain runs on Ollama + Gemma 2B (quantized to 4-bit for memory efficiency), which takes raw JSON scan output and transforms it into prioritized findings with CVE identification, severity rankings, plain-English explanations, and specific remediation steps. Whisper AI handles local audio transcription, and Tailscale provides secure remote access from anywhere. The final output is a fully formatted PDF report — indistinguishable from one produced by a professional security firm.
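The first stage of the reporting pipeline described above, as an added example that is not HackBear's own code: it parses a constructed Nmap -oX sample with the standard library and emits findings ranked by severity with remediation text, which is the structured input an interpretation model would then explain in plain English. The service risk table, thresholds and advice strings are assumptions, and the CVE lookup step is left out.

```python
# Added example (not HackBear's code): turn raw Nmap XML (-oX) into
# severity-ranked findings before an LLM writes the plain-English report.
import json
import xml.etree.ElementTree as ET

# Constructed sample of Nmap -oX output for one host; all values are made up.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun>
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="23"><state state="open"/>
        <service name="telnet" product="Linux telnetd"/></port>
      <port protocol="tcp" portid="445"><state state="open"/>
        <service name="microsoft-ds" product="Samba smbd"/></port>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="https" product="nginx"/></port>
      <port protocol="tcp" portid="22"><state state="closed"/>
        <service name="ssh"/></port>
    </ports>
  </host>
</nmaprun>"""

# Assumed triage rules: cleartext or legacy services outrank encrypted ones.
# Higher score = more urgent. A real pipeline would add a CVE lookup here.
SERVICE_RISK = {
    "telnet": (9, "Cleartext remote login; disable it and use SSH."),
    "ftp": (7, "Cleartext file transfer; replace with SFTP."),
    "microsoft-ds": (7, "SMB exposed; restrict to internal subnets and patch."),
    "http": (4, "Unencrypted web service; enforce HTTPS."),
}
DEFAULT_RISK = (2, "Confirm this service is needed; restrict it if not.")

def severity_label(score):
    """Map a numeric score onto the report's severity bands (assumed cut-offs)."""
    return "Critical" if score >= 9 else "High" if score >= 7 else "Medium" if score >= 4 else "Low"

def triage_nmap_xml(xml_text):
    """Return open-port findings sorted from most to least severe."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed and filtered ports are not findings
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            score, advice = SERVICE_RISK.get(name, DEFAULT_RISK)
            findings.append({"host": addr, "port": int(port.get("portid")), "service": name,
                             "score": score, "severity": severity_label(score),
                             "remediation": advice})
    return sorted(findings, key=lambda f: (-f["score"], f["port"]))

if __name__ == "__main__":
    print(json.dumps(triage_nmap_xml(SAMPLE_NMAP_XML), indent=2))
```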

Challenges we ran into

Network access at demo time was the biggest hurdle. Sheridan College's enterprise NAC (802.1X) policy blocked HackBear from gaining full network access, which meant our planned live demo couldn't run as intended. We pivoted: the blocked scan became the proof of concept. HackBear correctly detected and documented the enterprise security controls, and the comparison between Sheridan's protected network and a typical unprotected nonprofit network became the most compelling part of our pitch.

Running AI on-device pushed the Pi 4 to its limits. Loading Gemma 2B at full precision caused memory instability. We solved this with llama.cpp 4-bit quantization, which brought the model's RAM footprint down to approximately 1.4GB, leaving comfortable headroom.

Thermal management inside a stuffed animal is genuinely tricky. The Pi 4 throttles above 80°C, so we used a low-profile heatsink, positioned the board near a gap in the bear's back seam for passive airflow, and set up thermal monitoring via Home Assistant to alert us above 75°C.

Time was the last constraint: building working hardware, an AI pipeline, a remote access stack, a pitch deck, a demo report, and a live demo simultaneously in a hackathon window required ruthless prioritization.

Accomplishments that we're proud of

We built a fully functional covert penetration testing device that produces professional-grade security reports — and we fit it inside a teddy bear. The AI pipeline genuinely works: raw scan data goes in, and a clean, actionable report that a non-technical office manager can read and act on comes out. We're also proud of how we handled adversity — when the campus network blocked our demo, we turned it into the strongest moment of our pitch.

What we learned

Physical security is underrated. Every cybersecurity conversation focuses on software — firewalls, encryption, patching. But the most sophisticated firewall doesn't matter if someone can walk in and plug a device into your network. A teddy bear sitting on a shelf is invisible, and that's precisely the threat model most organizations have never considered.

AI's most powerful role in security isn't attacking — it's translating. The gap between raw tool output and actionable intelligence is enormous. The moment we added Gemma 2B as an interpretation layer, a non-technical person could suddenly understand exactly what was wrong and what to do about it.

Constraints drive creativity. Every hardware and network limitation we hit pushed us toward a better solution or a stronger narrative.

What's next for HackBear

Multi-device mesh deployment — multiple HackBears forming a sensor network across a large facility
Cloud AI offload — offloading heavy inference to a GPU instance when on WiFi for faster, more thorough analysis
Remediation automation — automatically generating network configuration patches alongside findings
Nonprofit partnership program — deploying HackBears with real organizations for live validation
