SPECTER-AI is a portable security response system for SOC analysts. We built it to explore how AI can help with incident response while still keeping a human in control.

Our demo uses an intentionally vulnerable bank login page. When an attacker attempts a SQL injection, the backend detects the suspicious input and sends an alert to the wearable. The wearable displays the attack type and source IP on an LCD, flashes an LED, and buzzes to get the user’s attention.

The analyst can then respond through a voice assistant. If they ask the AI to run a defense command, the backend checks the wearable’s physical authorization dial before taking action. The dial has three modes: MONITOR, ALERT_ONLY, and DEFENSE_READY. If the dial is not set to DEFENSE_READY, the defense is denied. If it is authorized, the backend blocks the attacker IP and the wearable confirms that the threat was blocked.

We built the backend with Python and FastAPI, used the OpenAI Realtime API for voice interaction, and used a Particle Argon for the wearable hardware. The wearable includes an LCD, LED, buzzer, button, and potentiometer dial. Communication between the backend and hardware uses Particle Cloud, webhooks, and ngrok.

One of our main challenges was making the hardware and backend stay synchronized. We solved this by having the wearable send regular heartbeat messages with its current dial mode. The backend uses this heartbeat to decide whether the device is online and whether defensive actions are authorized.
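The dial check and the heartbeat described above combine into one fail-closed gate. The sketch below is an added example, not SPECTER-AI's own code: the `DialGate` class, the 15-second `HEARTBEAT_TTL` and the in-memory block list are assumptions made for illustration.

```python
import ipaddress
import time

MODES = {"MONITOR", "ALERT_ONLY", "DEFENSE_READY"}  # dial modes named in the write-up
HEARTBEAT_TTL = 15.0  # assumed value: seconds of silence before the device counts as offline


class DialGate:
    """Tracks the wearable's last heartbeat and gates defense commands on it."""

    def __init__(self, ttl=HEARTBEAT_TTL, clock=time.monotonic):
        self.ttl, self.clock = ttl, clock
        self.mode, self.last_seen = None, None
        self.blocked, self.audit = set(), []

    def heartbeat(self, mode):
        # Reject unknown mode strings instead of storing them.
        if mode not in MODES:
            raise ValueError(f"unknown dial mode: {mode!r}")
        self.mode, self.last_seen = mode, self.clock()

    def online(self):
        return self.last_seen is not None and self.clock() - self.last_seen <= self.ttl

    def authorize(self):
        # Fail closed: a missing or stale heartbeat denies, whatever the last mode was.
        if not self.online():
            return False, "device offline or heartbeat stale"
        if self.mode != "DEFENSE_READY":
            return False, f"dial is {self.mode}"
        return True, "dial is DEFENSE_READY"

    def block_ip(self, ip):
        addr = str(ipaddress.ip_address(ip))  # raises ValueError on a malformed address
        ok, reason = self.authorize()
        self.audit.append((addr, ok, reason))  # every decision is recorded, allowed or denied
        if ok:
            self.blocked.add(addr)  # stand-in for the real block action
        return ok, reason


if __name__ == "__main__":
    gate = DialGate()
    gate.heartbeat("ALERT_ONLY")
    print(gate.block_ip("203.0.113.7"))  # constructed documentation address
    gate.heartbeat("DEFENSE_READY")
    print(gate.block_ip("203.0.113.7"))
```

The injected `clock` lets the staleness path be tested without waiting for the timeout to elapse.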

The main thing we learned is that AI response systems need more than speed. They also need clear control and accountability. Our physical dial gives the user a simple way to decide when the AI is allowed to act, which made the wearable feel like more than just an alert device.
