Inspiration

ThreatFlix started from a very simple thought: security tools are powerful, but for a solo developer or a small team, they often feel too heavy, too expensive, or too difficult to plug into a real project.

I am currently learning web development and building different kinds of tools as I learn. While working on applications, I kept thinking about how most developers only start thinking about security after something goes wrong. Large companies can afford full SOC teams, expensive dashboards, and complex monitoring systems. But most individual builders, students, indie hackers, and small teams do not have that luxury.

So the question became:

What if a developer could add an AI-powered security layer to their application as easily as installing a package?

That idea became ThreatFlix.

What it does

ThreatFlix is an AI-powered security copilot and threat-intelligence SDK that helps applications detect, analyze, and respond to suspicious activity.

Instead of expecting a developer to manually read raw logs, understand attack patterns, and map everything to security frameworks, ThreatFlix helps turn security events into structured intelligence.

The project includes:

  • A web dashboard for viewing and understanding threats
  • A backend for receiving and processing security events
  • An SDK that can be installed from the npm registry
  • A UEBA model packaged as a pip package
  • AI-assisted analysis using Gemini
  • MITRE ATT&CK-style mapping for better threat context

The goal is to make security more accessible for developers who may not have a dedicated SOC team behind them.

How we built it

We built ThreatFlix as a full-stack project with separate parts working together.

The frontend provides the dashboard and user interface. The backend handles event ingestion, analysis, and communication between the system components. The SDK allows developers to capture security events directly from their applications and send them to the ThreatFlix backend for analysis.

One of the biggest parts of the project was making it reusable. We did not want ThreatFlix to be just a hackathon demo that only works on our machine. We wanted other developers to be able to try it, install it, and build on top of it.

That is why we ended up publishing:

  • An npm package for the ThreatFlix SDK
  • A pip package for the UEBA model we built

The npm package makes it easier for JavaScript and TypeScript developers to plug ThreatFlix into their apps. The pip package makes the UEBA model easier to reuse, test, and improve in future projects.

For us, this was not just about building a product. It was about building something that could become useful the next time someone faces the same problem.

Challenges we faced

One major challenge was connecting everything together cleanly. ThreatFlix has multiple moving parts: frontend, backend, SDK, ML model, AI analysis, and threat mapping. Making all of them communicate properly took a lot of debugging and iteration.

Another challenge was packaging the project properly. Publishing an npm package and a pip package forced us to think beyond just “it works locally.” We had to think about how someone else would install it, use it, and understand it without sitting next to us.

We also had to balance complexity with simplicity. Security can become very complicated very quickly. Our goal was not to build the biggest possible system, but to build something that feels approachable for developers while still being useful.

What we learned

This project taught us a lot about building real developer tools.

We learned how important it is to design software not just for ourselves, but for the next person who will use it. Writing an SDK, packaging a model, publishing to npm and pip, and documenting the project changed the way we thought about the build.

We also learned that cybersecurity is not only about detection. It is also about explanation. A raw alert is not always useful by itself. Developers need context: what happened, why it matters, how serious it is, and what they should do next.

ThreatFlix helped us understand how AI, ML, and developer tooling can work together to make security more accessible.

Accomplishments

We are proud that ThreatFlix became more than just a frontend demo.

By the end of the project, we had a working full-stack system, an installable npm SDK, and a pip package for the UEBA model. That made the project feel much more real, because it means someone else can actually reuse parts of what we built.

For someone still learning web development and constantly trying to build ambitious tools, this project felt like a big step forward. It pushed us to think about architecture, packaging, usability, security, and product storytelling all at once.

What is next

The immediate next step for ThreatFlix is deployment.

Right now, we have the core pieces working: the frontend, backend, SDK, ML model, AI analysis flow, npm package, and pip package. The long-term vision is to turn this from a hackathon build into a deployed, usable product that developers can actually integrate into their own applications.

We want to deploy the full ThreatFlix platform, make the dashboard publicly accessible, host the backend reliably, and improve the SDK so developers can install it, connect their app, and start sending security events with minimal setup.

After deployment, we want to focus on:

  • Improving the UEBA model with better real-world behavior patterns
  • Making the npm SDK easier to configure
  • Adding clearer documentation and examples
  • Improving AI-generated threat summaries and recommendations
  • Supporting more event sources and integrations
  • Making the dashboard production-ready

The goal is not just to keep ThreatFlix as a hackathon prototype. The goal is to make it live, usable, and helpful for real developers.

Not every builder has a SOC team.

But every builder deserves context.
