Laminar

Architecture

Inspiration

Network security is currently stuck in a cycle of playing catch-up. Traditional systems rely on "dead logs" - data that is collected and analyzed minutes after an attack has already succeeded. This creates a dangerous Detection Gap where hackers win because the defense is looking at the past. We were inspired to build Laminar to turn the tide, moving from reactive forensics to real-time, autonomous defense.

What it does

Laminar is a real-time, agentic network defense platform that detects, analyzes, and mitigates threats in milliseconds.

By streaming live SDN network flows, Laminar:

Detects anomalies like DDoS attacks and port scanning in real time
Uses Gemini 2.0 Flash to reason over threats and generate structured remediation plans
Allows human-in-the-loop authorization for mitigations
Publishes mitigation commands back to the network, closing the loop
The result is a bi-directional control plane where detection, analysis, and mitigation happen in a single continuous stream.

How we built it

Laminar is built around data-in-motion and agentic reasoning:

SDN Flow Ingestion: Raw network flow data streams into Confluent Cloud (Kafka)
Real-Time Processing: A Flink-powered stream processor performs temporal reasoning to identify attack patterns instantly
AI Intelligence: We use Google Gemini 2.0 Flash for fast, low-latency reasoning, producing:
- Structured JSON remediation plans
- Confidence scores
- Human-readable explanations
Cost Optimization: A 30-second intelligent caching layer reduces LLM calls by ~70%
Control Plane: Authorized actions are published back to Kafka and consumed by an SDN controller to apply mitigations
Frontend: A React dashboard provides live visibility, explanations, and human-in-the-loop control
Cloud Infrastructure: The system runs on Google Cloud Run with scale-to-zero, making it highly cost-efficient This architecture enables Laminar to react in milliseconds instead of minutes.

Challenges we ran into

Latency vs. Intelligence: Balancing deep AI reasoning with real-time network constraints required careful model selection and caching strategies
Idempotent Mitigation: Preventing duplicate network rules meant building auto-skip logic into the agentic loop
Streaming Complexity: Designing reliable, low-latency stream processing for bursty attack traffic was non-trivial
Cost Control: Making LLM-driven security economically viable required aggressive optimization and architectural discipline
Each challenge pushed us to design with production readiness in mind.

Accomplishments that we're proud of

One of the most rewarding moments for us was seeing Laminar work end to end, exactly the way we had imagined it. Watching a simulated attack appear on the dashboard, seeing the reasoning behind it, and then safely mitigating it in real time made the whole project feel real.

We’re proud that Laminar isn’t just fast - it’s thoughtful. Instead of acting like a black box, the system explains its decisions and keeps humans in control. That balance between autonomy and trust was important to us, and getting it right felt like a big win.

What we learned

We learned that in networking, speed is everything. Even the smartest AI is useless if it takes too long to respond. Working with Gemini 2.0 Flash taught us how to prompt for structured JSON outputs that a machine can execute immediately. We also gained a deep appreciation for "data-in-motion" and how it changes the way you think about system architecture.

What's next for Laminar

The next step is to expand Laminar’s agentic capabilities to handle more sophisticated Layer 7 attacks and SQL injections. We also want to explore hardware-level integration, bringing this self-healing logic directly to physical switches and edge devices to protect internal corporate networks as effectively as we protect the cloud.