Inspiration

Security teams today are overwhelmed by endless alerts and dashboards. We wanted to explore what happens if AI could act like a real SOC analyst — proactively monitoring threats and speaking to you when something goes wrong. Sentinel Live was inspired by the idea of a voice-first AI security commander that doesn't just wait for queries but actively protects the system.

What it does

Sentinel Live is an autonomous AI security analyst powered by Gemini Live that monitors security logs in real time. When it detects suspicious behavior like brute force attacks or data exfiltration, it interrupts with a voice alert and explains the threat. Users can respond naturally with voice commands like “neutralize it” or by clicking the "Neutralize" button to trigger remediation actions.

How we built it

We built Sentinel Live using Gemini Live API for real-time audio interaction, FastAPI for the backend, and Firestore for storing logs and incidents. A Streamlit dashboard provides the visual SOC interface while WebSockets stream audio between the browser and Gemini. The backend also runs anomaly detection logic that identifies attacks and triggers AI alerts automatically.

Challenges we ran into

One major challenge was building a reliable real-time audio pipeline between the browser, backend, and Gemini Live API. Handling streaming audio, WebSockets, and tool calls simultaneously required careful async architecture. We also had to ensure incidents were deduplicated so the AI wouldn't repeatedly alert about the same threat.
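
The deduplication requirement described above can be illustrated with an added example (not Sentinel Live's own code): a sliding-window brute-force detector that alerts once per incident key and stays quiet during a cooldown. The event format, thresholds, and all names are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 60      # assumed sliding window for counting failed logins
THRESHOLD = 5      # assumed failures per window that count as brute force
COOLDOWN_S = 300   # assumed quiet period before the same incident alerts again

# Constructed sample events: (epoch seconds, source IP, user, outcome)
SAMPLE_EVENTS = (
    [(1000 + i * 5, "203.0.113.7", "admin", "fail") for i in range(8)]
    + [(1010, "198.51.100.2", "alice", "fail"), (1012, "198.51.100.2", "alice", "ok")]
    + [(1400 + i * 5, "203.0.113.7", "admin", "fail") for i in range(6)]
)


class BruteForceDetector:
    def __init__(self):
        self.failures = defaultdict(deque)  # (ip, user) -> recent failure times
        self.last_alert = {}                # incident key -> time of last alert

    def observe(self, ts, ip, user, outcome):
        """Return an incident dict if this event raises a new alert, else None."""
        if outcome != "fail":
            return None
        key = ("brute_force", ip, user)     # dedup key: type + source + target
        recent = self.failures[(ip, user)]
        recent.append(ts)
        while recent and ts - recent[0] > WINDOW_S:
            recent.popleft()                # drop failures outside the window
        if len(recent) < THRESHOLD:
            return None
        last = self.last_alert.get(key)
        if last is not None and ts - last < COOLDOWN_S:
            return None                     # same incident, already announced
        self.last_alert[key] = ts
        return {"key": key, "first_seen": recent[0], "alert_ts": ts,
                "count": len(recent)}


def run(events):
    """Feed events in time order and collect the alerts that would be spoken."""
    detector = BruteForceDetector()
    alerts = []
    for event in sorted(events):
        incident = detector.observe(*event)
        if incident:
            alerts.append(incident)
    return alerts
```

Without the cooldown check, the constructed sample would raise six alerts for the same source; with it, each burst is announced once.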

Accomplishments that we're proud of

We're proud of creating a fully autonomous AI security analyst that proactively detects threats and speaks to the user in real time. The system combines voice interaction, anomaly detection, and AI tool calling into a seamless experience. Seeing Sentinel detect an attack felt like watching a real SOC assistant come to life.

What we learned

This project taught us a lot about building real-time multimodal AI systems and designing architectures that combine streaming, AI reasoning, and backend services. We also learned how powerful voice interaction can be for operational tools. AI feels much more natural when it can speak and listen instead of waiting for typed commands.

What's next for Sentinel Live

Next, we want to expand Sentinel Live with advanced threat detection models, real firewall integrations, and multi-user SOC collaboration features. We're also exploring real-time attack visualization and integrations with SIEM tools. The long-term vision is a fully autonomous AI SOC assistant that can monitor, investigate, and respond to incidents end-to-end.
