NGO-Guardian

Automated vulnerability detection for non-profits.

The Problem

Non-profits do the heavy lifting—managing refugee aid, running food banks, protecting vulnerable groups—but they don't have the budget for a $50k security audit. To get things done, volunteers often build tools fast using modern, easy-to-deploy frameworks.

The unintended consequence? They accidentally leave things like API keys, donor databases, or even shelter locations wide open on the internet.

The Solution

NGO-Guardian is a digital safety net. Instead of aggressive, hacker-style "red-teaming," we built a tool that safely scans non-profit infrastructure, flags exposed data, and hands the organization the exact code needed to fix it.

Core Features

  • Context-Aware AI Scoring: We use Claude to look at what is exposed, not just how. An open weather API is low priority; an exposed list of refugee locations is a 10/10 emergency.
  • Look, Don't Touch: Custom agents safely check for common misconfigurations (like public .env files or open GraphQL playgrounds) without ever scraping or downloading the sensitive data.
  • Automated Fixes: We don't just hand over a scary report. The engine generates plain-English explanations and ready-to-deploy .patch files so a non-technical founder can secure their app in minutes.
  • The Dashboard: A sleek React + TypeScript frontend that maps out vulnerabilities and risk scores in real time.
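
One way the "Look, Don't Touch" check for a public .env file could decide exposure while keeping only variable names and never their values. This is an added example, not NGO-Guardian's own code; `classifyEnvExposure`, the 2048-byte cap, the 0.6 ratio, and the sample responses are assumptions constructed for illustration.

```javascript
// Added illustration, not NGO-Guardian's code. All names here are hypothetical.
const MAX_BYTES = 2048; // assumption: inspect only a small capped prefix of the body
const SENSITIVE = /(SECRET|TOKEN|PASSWORD|PASSWD|PRIVATE|API_?KEY|DATABASE_URL|DSN)/i;
const ENV_LINE = /^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=/;

// Decide whether a response to GET /.env on a site you are authorized to check
// looks like a real dotenv file. Only variable NAMES are kept; values are
// never captured, stored, or returned.
function classifyEnvExposure({ status, contentType = "", bodyPrefix = "" }) {
  if (status !== 200) return { exposed: false, reason: `status ${status}` };
  const head = bodyPrefix.slice(0, MAX_BYTES);
  // SPA catch-all routes answer 200 with index.html for every path.
  if (/html/i.test(contentType) || /^\s*<(!doctype|html)/i.test(head)) {
    return { exposed: false, reason: "HTML fallback page" };
  }
  const keys = [];
  let contentLines = 0;
  for (const line of head.split(/\r?\n/)) {
    if (!line.trim() || line.trim().startsWith("#")) continue; // blanks, comments
    contentLines++;
    const m = ENV_LINE.exec(line);
    if (m && !keys.includes(m[1])) keys.push(m[1]); // m[1] is the name only
  }
  // Require most non-comment lines to be KEY=... so random text is not flagged.
  if (keys.length === 0 || keys.length / contentLines < 0.6) {
    return { exposed: false, reason: "not dotenv-shaped" };
  }
  const sensitiveKeys = keys.filter((k) => SENSITIVE.test(k));
  return {
    exposed: true,
    keys,
    sensitiveKeys,
    severityHint: sensitiveKeys.length ? "high" : "medium",
  };
}

// Constructed sample responses (values are fake placeholders).
const samples = {
  leaked: { status: 200, contentType: "text/plain",
    bodyPrefix: "# prod\nDATABASE_URL=postgres://example\nSTRIPE_SECRET_KEY=sk_fake\nPORT=3000\n" },
  spa: { status: 200, contentType: "text/html; charset=utf-8",
    bodyPrefix: "<!doctype html><html><body><div id=root></div></body></html>" },
  denied: { status: 403, contentType: "text/plain", bodyPrefix: "Forbidden" },
};
for (const [name, res] of Object.entries(samples)) {
  console.log(name, JSON.stringify(classifyEnvExposure(res)));
}
```

The key names alone are enough for a risk classifier to rank the finding, and the HTML check avoids the false positive that single-page apps produce by answering every path with their index page.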

How We Built It

  • Backend: Node.js/Express runs the custom scanning agents for non-invasive domain analysis.
  • Brain: Claude Sonnet acts as the Data Risk Classifier to evaluate data sensitivity and write the remediation code.
  • Frontend: A responsive Single Page Application built with React, TypeScript, and Vite, using custom state management to handle complex vulnerability data.

Challenges & Wins

The hardest part was building a scanner that accurately spots structural flaws—like broken access controls—without crossing the line into exploiting them. We're incredibly proud to have shipped a platform that flips the adversarial vibe of cybersecurity into an empathy-first tool for social good, complete with a highly responsive, dark-mode UI.

What's Next

Automating the outreach pipeline to draft polite, helpful emails to the affected non-profits, and building a network of volunteer devs to help them implement our fixes.
