SENTINEL-X: Autonomous Cyber-Physical Defense

Stuxnet (2010) The First Cyber-Physical Weapon
Sentinel-X maintaining an active industrial link in a secure state.
Aerosol Attack A
Aerosol Attack B
Reasoning Engine
Autonomous Lockdown

🚨 Inspiration: The "Stuxnet" Paradox

In 2010, the Stuxnet cyberweapon destroyed nearly 1,000 nuclear centrifuges. It didn't just break them it did something far more terrifying: it lied.

Stuxnet performed a "Man-in-the-Middle" attack on the digital sensors, feeding the control room pre-recorded "Normal" data while the physical machinery vibrated apart. The human operators stared at green screens while the facility burned.

16 years later, this is still a fatal blind spot in Critical Infrastructure. Our Firewalls protect the data, but nothing protects the reality.

We built SENTINEL-X to fix this.

🛡️ What it does

SENTINEL-X is an autonomous "Marathon Agent" that introduces a Physical Verification Layer to cybersecurity.

Instead of trusting digital logs blindly, Sentinel-X uses Gemini 3 Vision to "see" the physical state of the machinery and cross-reference it with the digital telemetry in real-time.

It continuously solves this logic equation 24/7:

$$\text{Action} = \begin{cases} \text{KILL SWITCH}, & \text{if } State_{Physical} \neq State_{Digital} \ \text{MONITOR}, & \text{if } State_{Physical} \approx State_{Digital} \end{cases}$$

If the digital sensor says "Temp: 22°C (Safe)" but Gemini 3 sees Ice Formation or Smoke, Sentinel-X detects the anomaly as a "Stuxnet-style" spoofing attack and triggers an Autonomous Kill-Switch to isolate the hardware no human intervention required.

⚙️ How we built it

We architected a dual-threaded Neuro-Symbolic Agent using Python 3.10.

1. The Digital Cortex (Industrial Protocol)

We used pymodbus to simulate a Programmable Logic Controller (PLC) transmitting standard industrial telemetry (Modbus TCP) over a local network. This represents the "Digital Truth" that hackers usually spoof.

2. The Visual Cortex (Gemini 3)

We capture live frames from a monitoring webcam and stream them to the Gemini 3 Flash API. We utilized Gemini's native multimodal reasoning to interpret complex physical states (e.g., distinguishing between "Steam" and "Smoke," or detecting "Frost").

3. The Arbiter (The Brain)

An asynchronous event loop compares the two data streams using a confidence threshold.

async def marathon_loop():
    digital_state = await read_modbus_registers() # e.g., 22°C
    visual_state = await gemini_vision.analyze(frame) # e.g., "FROZEN"

    if visual_state.danger_level > 0.85 and digital_state == "NORMAL":
        await terminate_process_id() # KILL SWITCH

🧠 Challenges we ran into

Latency vs. Accuracy: Industrial systems need <100ms reaction times. Initially, sending every frame to the LLM introduced too much lag. We solved this by implementing a "Change Detection" filter—only sending frames to Gemini when pixel-level movement is detected.

The "Hallucination" Risk: An AI cannot accidentally shut down a power plant. We implemented a "Double-Check Protocol" where Gemini must identify the anomaly in two consecutive frames with a confidence score >85% before the kill-switch is engaged.

🏆 Accomplishments that we're proud of

Real-Time "Stuxnet" Prevention: We successfully simulated a "Frozen Pipe" attack where digital logs were spoofed. Sentinel-X identified the visual frost, realized the logs were lying, and cut the connection in under 3 seconds.

The "Marathon" Architecture: This isn't a chatbot. It is a daemon that runs indefinitely, proving that Gemini 3 is capable of acting as an always-on infrastructure guard.

📚 What we learned

We learned that the "Action Era" isn't just a buzzword. Moving from "Chat" to "Autonomous Action" requires a fundamental shift in how we handle state. We had to build a system that maintains a persistent "World Model" rather than just responding to stateless prompts.

We also learned the power of multimodal reasoning Gemini 3 didn't just "see" the image; it understood the physics of the scene.