Inspiration

With SOC experience in Hong Kong, we saw thousands of false alerts overwhelm teams, wasting time and driving up costs. That challenge inspired us to build an AI-driven SOC.

We also recognize Hong Kong’s upcoming PI Ordinance in 2026. Today, CIOs must choose between speed and compliance. Our goal is to solve that paradox by building an agent where compliance is built in from the start.

What it does

NeoHarbor Security operates as your organization's central nervous system for cyber-risk, uniquely blending deep business understanding with regulatory automation. It doesn't just react to threats; it manages security as a dynamic business process.

  1. The Intelligent Decision Engine: Where Business Context Meets Adaptive Learning
     At its core is a Live Business Context Graph that maps your technical infrastructure to your critical workflows and real-time events. This intelligence is continuously refined through Adaptive Playbooks. Every time your security team overrides an automated decision, the system learns the business logic behind the override. This creates a continuously evolving, organization-specific risk model that ensures responses align perfectly with your unique risk tolerance and operational priorities.

  2. Transparent, Orchestrated Action with Explainable Intent
     Our multi-agent workforce collaborates with human-like reasoning, communicating its "Explainable Intent" in plain English before taking action. You won't see cryptic alerts. Instead, you get clear justifications like: "It is recommended to block IP 192.0.2.1 because it is attempting lateral movement from a compromised marketing server towards the core payment processing chain, which is currently handling 40% of daily transactions." This builds trust and allows for swift, informed human oversight.

  3. The Autonomous Compliance Officer for Hong Kong
     This intelligent engine is hardwired with the requirements of Hong Kong's Critical Infrastructure Ordinance. It functions as your 24/7 Autonomous Compliance Officer:

  • Instant Reporting: The moment a serious incident is confirmed, it automatically drafts the mandatory report for the OGCIO within minutes, embedding all necessary forensic data to guarantee compliance with the strict 12/48-hour deadlines.
  • Continuous Audit Trail: Every action—by AI or human—is logged in a permanent, regulator-ready format, turning the biennial audit from a weeks-long scramble into a simple report generation exercise.
  • Mandatory Drill Mode: The platform includes a built-in simulator to effortlessly execute the required bi-annual security drills, producing compliant after-action reports that prove due diligence to regulators.

In essence, NeoHarbor Security translates technical threats into actionable business and compliance outcomes, ensuring you are not just secure, but also audit-ready, by design.

How we built it

NeoHarbor Security, an Agent-native AI SOC, was built by integrating multiple AWS services into a multi-agent pipeline that mirrors the real-world SOC analyst workflow. The core components include:

  • Event Ingestion and Orchestration: Using Amazon EventBridge to capture alerts from sources like AWS CloudTrail, GuardDuty, and third-party SIEMs. Events are routed to corresponding agents via Lambda.
  • Agent Execution Layer: Built on AWS Step Functions with Lambda-based micro-agents. Each agent handles a specific role: Planning, Execution (context gathering), Analysis, and Response.
  • Reasoning with Bedrock: Integrated Amazon Bedrock models to perform real-time alert summarization, compliance mapping, and response recommendations using custom RAG loops.
  • Data Persistence: Used Amazon DynamoDB for maintaining tenant-specific alert histories, analyst notes, and investigation snapshots.
  • Frontend Visualization: Deployed a lightweight React dashboard to visualize SOC activity and agent decisions in real-time, enabling full transparency and auditability.

Challenges we ran into

  • Multi-agent orchestration: Designing a reliable agent-to-agent handoff system with error recovery and timeout fallback required fine-tuned coordination between EventBridge, Step Functions, and Lambda.
  • Latency constraints: Achieving low-latency response under the serverless stack while preserving context-rich data flow across agents.
  • SIEM variability: Normalizing alert schemas from multiple cloud and third-party sources (e.g. Sentinel, Splunk, Defender) into a unified format for agents to process.
  • Security guardrails: Ensuring AI-generated recommendations respect compliance frameworks like HKMA TM-G-1 and ISO 27001 during automated triage and response steps.
  • Debugging Bedrock prompts: Iterating on prompts and context windows to make model outputs structured, reliable, and auditable under enterprise use cases.
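The alert normalization and role-based agent handoff described in the architecture and challenges above, as an added Python example that is not NeoHarbor's own code. It assumes constructed event shapes for three source kinds (a GuardDuty-style finding, a CloudTrail-style API event and a generic SIEM export), a small constructed asset-to-workflow map standing in for the Business Context Graph, and a normaliser that returns an error instead of raising so that one bad schema is quarantined rather than stalling the pipeline. Field names, sample values and the risk weights are all assumptions for the illustration.

```python
"""Added illustration (not NeoHarbor's code): normalise alerts from
heterogeneous sources into one schema, then pass them through role-based
agents (Planner, Executor, Analyst, Responder) that emit an explainable
recommendation plus an audit record. Every event shape, asset and weight
below is constructed for the example."""
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone
import json


@dataclass
class Alert:
    source: str
    alert_id: str
    severity: int          # unified 1..10 scale
    src_ip: str
    asset: str             # host or principal the alert concerns
    technique: str
    raw: dict = field(repr=False, default_factory=dict)


# --- Normalisers: one per source schema (constructed shapes) --------------
def _from_guardduty(ev):
    # GuardDuty-style finding: severity on a 0.1-8.9 scale, nested blocks
    return Alert("guardduty", ev["Id"], round(ev["Severity"] * 10 / 8.9) or 1,
                 ev["Service"]["Action"]["RemoteIpDetails"]["IpAddressV4"],
                 ev["Resource"]["InstanceDetails"]["InstanceId"], ev["Type"], ev)


def _from_cloudtrail(ev):
    # CloudTrail-style API event: no severity field, so a default is assigned
    return Alert("cloudtrail", ev["eventID"], 4, ev["sourceIPAddress"],
                 ev["userIdentity"]["arn"], ev["eventName"], ev)


def _from_siem(ev):
    # Generic SIEM export: severity carried as a text label
    label_map = {"low": 2, "medium": 5, "high": 8, "critical": 10}
    return Alert(ev["vendor"], ev["id"], label_map[ev["severity"].lower()],
                 ev["src"], ev["host"], ev["rule"], ev)


NORMALISERS = {"guardduty": _from_guardduty, "cloudtrail": _from_cloudtrail,
               "siem": _from_siem}


def normalise(envelope):
    """Return (Alert, None) on success or (None, error) so a malformed event
    from one source is quarantined instead of raising inside the pipeline."""
    kind = envelope.get("kind")
    fn = NORMALISERS.get(kind)
    if fn is None:
        return None, f"unknown source kind: {kind!r}"
    try:
        return fn(envelope["payload"]), None
    except (KeyError, TypeError) as exc:
        return None, f"{kind} schema mismatch: {exc!r}"


# --- Constructed business context graph: asset -> workflow, transaction share
CONTEXT = {
    "i-0abc": {"workflow": "payment-processing", "txn_share": 0.40},
    "i-0mkt": {"workflow": "marketing-web", "txn_share": 0.0},
}


# --- Role agents -----------------------------------------------------------
def planner(alert):
    return {"needs_context": True, "lateral": "lateral" in alert.technique.lower()}


def executor(alert):
    return CONTEXT.get(alert.asset, {"workflow": "unknown", "txn_share": 0.0})


def analyst(alert, plan, ctx):
    # Business-weighted risk: raw severity scaled by workflow criticality
    risk = alert.severity * (1 + ctx["txn_share"] * 2)
    if plan["lateral"]:
        risk *= 1.5
    return round(min(risk, 10.0), 2)


def responder(alert, ctx, risk):
    action = "block" if risk >= 7 else "monitor"
    intent = (f"It is recommended to {action} IP {alert.src_ip} because alert "
              f"{alert.alert_id} ({alert.technique}) targets {alert.asset}, part of "
              f"the {ctx['workflow']} workflow handling {ctx['txn_share']:.0%} "
              f"of daily transactions.")
    return action, intent


def triage(envelope, now=None):
    """Full Planner -> Executor -> Analyst -> Responder handoff; the returned
    dict is the audit record for this alert."""
    now = now or datetime.now(timezone.utc).isoformat()
    alert, err = normalise(envelope)
    if err:
        return {"status": "quarantined", "error": err, "at": now}
    plan = planner(alert)
    ctx = executor(alert)
    risk = analyst(alert, plan, ctx)
    action, intent = responder(alert, ctx, risk)
    record = asdict(alert)
    record.pop("raw")
    return {"status": "triaged", "at": now, "alert": record, "plan": plan,
            "context": ctx, "risk": risk, "action": action, "intent": intent}


SAMPLES = [  # constructed envelopes, one per source kind plus one unknown
    {"kind": "guardduty", "payload": {"Id": "gd-1", "Severity": 7.0,
        "Type": "Demo:EC2/LateralMovement",
        "Resource": {"InstanceDetails": {"InstanceId": "i-0abc"}},
        "Service": {"Action": {"RemoteIpDetails": {"IpAddressV4": "192.0.2.1"}}}}},
    {"kind": "cloudtrail", "payload": {"eventID": "ct-1", "sourceIPAddress": "198.51.100.7",
        "eventName": "ConsoleLogin",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/demo"}}},
    {"kind": "siem", "payload": {"vendor": "splunk", "id": "sp-1", "severity": "High",
        "src": "203.0.113.9", "host": "i-0mkt", "rule": "Suspicious PowerShell"}},
    {"kind": "sentinel-v2", "payload": {}},
]


if __name__ == "__main__":
    for env in SAMPLES:
        print(json.dumps(triage(env), indent=2))
```

The quarantine path is the point of the `normalise` contract: a Sentinel or Splunk export with a renamed field produces one `quarantined` record with the parse error attached, and the remaining alerts still flow through the agents, which is the error-recovery behaviour the orchestration layer needs before any model call is made.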

Accomplishments that we're proud of

  • Agent-native SOC prototype built in under one week, showing end-to-end autonomous detection, analysis, and response on real AWS alerts.
  • Created a modular agent framework that mirrors human SOC workflows and supports plug-and-play with future Bedrock models or third-party APIs.
  • 90% alert noise reduction benchmarked on simulated data, freeing Tier 1 analyst time.
  • Fully serverless deployment with zero infrastructure ops, leveraging AWS-native scalability and security.
  • Enabled a regulatory-aligned RAG pipeline, mapping alerts directly to real-world compliance controls.
  • Visualized the entire multi-agent reasoning pipeline in a live dashboard, increasing trust and explainability.

What we learned

  • Agents work better when they behave like teams. Building modular, role-based agents (Planner, Executor, Analyst, Responder) allowed for better control and error handling than relying on a single monolithic LLM task.
  • Prompt design is product design. The success of each agent’s reasoning loop heavily depended on precise prompt tuning, input structure, and memory control.
  • Serverless = speed. Leveraging AWS Lambda and Step Functions made it possible to prototype enterprise-grade systems without heavy DevOps.
  • Speed trumps perfection. Early test users provided valuable feedback even on imperfect MVPs. Getting real alerts flowing into the system early was key.
  • The future of SOC is AI-first, not just AI-assisted. Autonomous agents can now handle not just detection but also full alert lifecycle management, freeing human analysts to focus on high-leverage response and threat hunting.

What's next for NeoHarbor Security

Our ultimate vision is to transform regulatory compliance from a localized constraint into a universal competitive advantage, setting a new global standard for intelligent security operations.

Phase 1: The Hong Kong Pilot & Foundation (Now - End of 2025)

  • Focus: Prove and Refine.
  • Action: We will launch controlled pilots with 3-5 key players in Hong Kong's financial and transport sectors—those most impacted by the new Ordinance. Concurrently, we will build the "Universal Translator" orchestration layer to integrate specialized agents.
  • Goal: Validate the autonomous compliance engine with legal experts and demonstrate tangible ROI by slashing audit preparation time and eliminating compliance anxiety for our pilot partners.

Phase 2: The Ecosystem & Intelligence Expansion (2025 - 2026)

  • Focus: Scale and Dominate.
  • Action: We will establish formal partnerships with top-tier HK law firms and audit practices, making NeoHarbor Security their recommended technical platform. This ecosystem play will create an unbreakable network effect. Technologically, we will launch an integration marketplace for third-party agents and deploy Predictive Business Impact Modeling.
  • Goal: Become the de facto standard for critical infrastructure protection in Hong Kong. Clients will not only be compliant but will be able to simulate how emerging threats could impact their specific revenue streams before an attack occurs.

Phase 3: The Global Blueprint (2026+)

  • Focus: Replicate and Lead.
  • Action: The "Compliance-by-Design" architecture, proven under Hong Kong's stringent laws, becomes our blueprint for global expansion. We will adapt the platform for other highly regulated markets like Singapore's CCoP, Australia's SOCI Act, and the EU's GDPR and NIS2 Directive.
  • Goal: Position NeoHarbor Security as the global leader for intelligent, compliant security operations, proving that the most regulator-ready SOC is also the most resilient and business-aware.

Built With
