Inspiration
Every week another startup makes headlines for a data breach. The scary part? Most never saw it coming. A penetration test costs $50,000 and takes six weeks — for a seed-stage startup, that's not a budget line, it's a fantasy. So founders cross their fingers and ship. We built RedBox because that's not good enough.
What it does
Paste any domain or GitHub repo. In 60 seconds, RedBox simulates exactly how an attacker would breach your system — the recon, the exploit chain, the escalation path, and the estimated damage. Real-time streaming terminal shows every step live. No security team required. No invoice.
How we built it
- WunderGraph orchestrates the entire pipeline
- Tinyfish browses targets like a real attacker
- Nexla transforms raw signals into threat intelligence
- Redis powers agent memory and result caching
- Ghost (TigerData) stores scan history and intelligence
- Gemini AI generates target-specific attack chains
- Akash runs distributed simulation nodes
- Guild.ai tracks every scan as an experiment
- InsForge manages the 4-agent workflow
- Chainguard secures the container runtime
Challenges we ran into
Keeping SSE streaming stable across 4 parallel agent pipelines without UI lag. Making real passive recon feel cinematic without ever executing actual exploits. Getting every sponsor tool genuinely integrated — not just name-dropped.
Accomplishments that we're proud of
Built a full multi-agent security platform in one day. Every sponsor tool is visibly active in the UI — sponsor pills light up green in real time as each tool activates during a scan.
What we learned
Demo mode is not optional — it's the product. Every external dependency needs a graceful fallback so nothing breaks on stage.
What's next for RedBox AI
Scheduled autonomous monitoring, CI/CD pipeline integration to scan every deploy automatically, and team dashboards for engineering orgs.
Log in or sign up for Devpost to join the conversation.