Inspiration
Modern Cyber-Physical Systems (CPS), particularly smart microgrids, are increasingly vulnerable to sophisticated cyber threats like False Data Injection Attacks (FDIAs). Traditional threshold-based security measures often fail to catch mathematically disguised anomalies that manipulate critical telemetry. The inspiration for Residuum_Modulus was to bridge the gap between raw, high-velocity industrial telemetry and the advanced reasoning capabilities of modern LLMs, creating an autonomous sentinel capable of defending critical infrastructure with zero-latency enterprise dispatch.
What it does
Residuum_Modulus acts as a fully autonomous Security Operations Center (SOC) for networked power systems. Currently monitoring Microgrid3 (Industrial), the platform ingests live Load and Photovoltaic (PV) generation data.
The Chaos Engine: Simulates active threat vectors by injecting real-time FDIAs, physically decoupling the telemetry stream.
The Autonomous Sentinel: A LangGraph agent continuously evaluates the grid's physical manifold. The moment an anomaly breaches the physical constraints (e.g., PV collapsing while Load spikes), the Sentinel intercepts the compromised packet, autonomously authors a comprehensive threat mitigation protocol, and instantly dispatches a localized alert to the engineering team via Slack webhooks.
The SOC Dashboard: Provides a live, real-time interactive radar and threat-report viewer, granting complete visibility into the industrial grid's health.
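A physical-consistency check of the kind the Sentinel description refers to (PV collapsing while Load spikes), as an added example that is not the project's own code. The field names `load_kw` and `pv_kw`, the rolling-median baseline and the thresholds are assumptions, and the telemetry is constructed.

```python
from collections import deque
from statistics import median

# Assumed thresholds (not from the project), relative to a rolling median baseline.
PV_COLLAPSE_RATIO = 0.4   # PV below 40% of its recent median
LOAD_SPIKE_RATIO = 1.5    # Load above 150% of its recent median
WINDOW = 5                # number of trusted samples used as the baseline


def detect_decoupling(samples, window=WINDOW):
    """Return indices of samples where PV collapses while Load spikes.

    samples: iterable of dicts with 'load_kw' and 'pv_kw' (hypothetical names).
    Flagged samples are kept out of the baseline so that an injected run
    cannot drag the baseline toward the attacker's values.
    """
    load_hist, pv_hist = deque(maxlen=window), deque(maxlen=window)
    flagged = []
    for i, s in enumerate(samples):
        load, pv = s["load_kw"], s["pv_kw"]
        if len(load_hist) == window:
            load_base, pv_base = median(load_hist), median(pv_hist)
            # Skip the PV test when the baseline is near zero (night-time).
            pv_collapsed = pv_base > 1.0 and pv < PV_COLLAPSE_RATIO * pv_base
            load_spiked = load > LOAD_SPIKE_RATIO * load_base
            if pv_collapsed and load_spiked:
                flagged.append(i)
                continue  # do not learn from a suspect sample
        load_hist.append(load)
        pv_hist.append(pv)
    return flagged


# Constructed telemetry: normal daytime readings, two injected samples (7, 8),
# then a benign cloud-cover dip (10) where PV falls but Load stays flat.
SAMPLES = [
    {"load_kw": 100, "pv_kw": 60}, {"load_kw": 102, "pv_kw": 61},
    {"load_kw": 99, "pv_kw": 59}, {"load_kw": 101, "pv_kw": 62},
    {"load_kw": 100, "pv_kw": 60}, {"load_kw": 103, "pv_kw": 61},
    {"load_kw": 101, "pv_kw": 60},
    {"load_kw": 180, "pv_kw": 5}, {"load_kw": 175, "pv_kw": 4},
    {"load_kw": 102, "pv_kw": 59}, {"load_kw": 100, "pv_kw": 20},
]

if __name__ == "__main__":
    print(detect_decoupling(SAMPLES))
```

A check of this shape only catches injections that break the Load/PV relationship, and the thresholds need tuning per site.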
How we built it
The architecture is structured across an Edge-Fog-Cloud paradigm:
Backend & Orchestration: Built entirely in Python. The autonomous reasoning loop is powered by Gemini 2.5 Pro via Vertex AI, orchestrated using LangGraph to manage tool execution and state.
Telemetry Pipeline: Real-time industrial telemetry is streamed to and queried from a MongoDB Atlas cluster.
Frontend: The interactive SOC dashboard was engineered using Streamlit and Pandas, utilizing native fragment rendering to update the visual radar and mitigation reports asynchronously without full-page reloads.
Deployment: The entire master architecture, including the daemon and web server, is hosted live on a globally accessible Google Compute Engine virtual machine running Debian 12, secured behind a custom firewall configuration and kept immortal using tmux.
Challenges we ran into
Deploying an LLM to monitor a high-velocity data stream introduced complex asynchronous timing issues. Handling the real-time telemetry pipeline between MongoDB Atlas and the Streamlit frontend required precise loop management to prevent memory leaks and dashboard crashing. Furthermore, ensuring the LangGraph agent could extract, format, and push Markdown-based mitigation reports to the live UI without interrupting the ongoing radar sweep required engineering isolated native fragments within the application layer.
Accomplishments that we're proud of
We successfully engineered a system that requires absolutely zero human intervention. From the moment the simulated FDIA hits the industrial pipeline, the anomaly is detected, analyzed, documented, and dispatched to a Slack channel entirely by the autonomous agent. Deploying the full stack to a live Google Cloud production server and maintaining unkillable background processes bridges the gap between a local hackathon project and an enterprise-ready security platform.
What's next for Residuum_Modulus
The next evolution involves moving from passive mitigation reporting to active bidirectional grid isolation. We plan to integrate hardware-in-the-loop (HIL) simulations so the LangGraph agent can not only dispatch alerts but also autonomously send physical relay commands back to the microgrid to isolate compromised nodes before the malicious payload reaches the physical switchgear.