-
-
Login Page
-
Main Dashboard Page
-
Report
-
Report #2
-
Can be able to save as a pdf
Inspiration
Raise your hand if you've gotten a "suspicious login detected" email and opened it three hours later. By then the attacker was already done. Security tools send alerts. Nobody acts fast enough. We built Vault because that gap between detection and response is where the damage happens.
But beyond speed, we wanted to solve a harder problem: how do you deploy an AI agent that makes autonomous decisions affecting real people without creating new risks through false positives, biased reasoning, or lack of transparency? That question drove every design decision in Vault.
What it does
Vault is an autonomous account security platform. When a suspicious login hits an account, an AI agent built on Amazon Bedrock analyzes the location, device fingerprint, IP reputation, MFA status, time of day, and login attempt count — then responds in 4 seconds.
The core design is a three tier confidence system:
| Confidence | Verdict | Action |
|---|---|---|
| 90%+ | BLOCK | Auto-block + SNS email alert. No human needed. |
| 60–89% | CONFIRM | OTP code sent to user + Rekognition face verification option |
| Below 60% | FLAG | Silent flag for analyst review |
Every decision is explainable. Every reasoning step from Bedrock appears live on the SOC dashboard. Every action is logged permanently to DynamoDB.
We also added Amazon Bedrock Guardrails on every AI call — ensuring the AI's reasoning can never be biased, harmful, or discriminatory before it reaches a human or an account owner's inbox.
How we built it
The frontend is built in React with TypeScript and Tailwind CSS. It features three screens: a login page with an animated lamp effect, a live SOC war room dashboard with a 3D interactive COBE globe showing global login activity, an agent pipeline visualizer, and real time typewriter reasoning steps. The third screen is an auto-generated incident report.
On the backend, login events hit an AWS Lambda function via API Gateway HTTP endpoint. Lambda calls Amazon Bedrock with Claude Sonnet 4.6 (with Bedrock Guardrails applied) to analyze the event and return a confidence score, verdict, and reasoning array. Results get written to DynamoDB and pushed to the frontend in real time through API Gateway WebSocket. For BLOCK events, Amazon SNS sends a real email alert instantly. For CONFIRM events, a second Lambda generates a time-limited OTP stored in DynamoDB and sends it via SNS, with OTP verification handled by a dedicated Lambda endpoint. Amazon Rekognition handles face comparison against reference photos stored in S3.
Challenges we ran into
Getting Bedrock to return consistent JSON was harder than expected. Claude sometimes wraps responses in markdown code blocks even when explicitly told not to. We built a stripping layer in Lambda to handle edge cases before parsing.
WebSocket connections between API Gateway and the frontend dropped on first page load due to a timing issue. We added a reconnect handler so the dashboard always ends up connected.
Tuning the Bedrock confidence prompt took several iterations. Early versions scored too many events as high confidence. We added last known location, device fingerprint, time of day, and login attempt count to give Claude enough signal to produce realistic distributions across all three tiers.
CORS issues between the frontend and API Gateway HTTP endpoints took longer than expected to debug. The OPTIONS preflight was being blocked and required explicit CORS configuration on each API Gateway resource.
Accomplishments we are proud of
The full pipeline working end to end in real time. A login event fires, Bedrock analyzes it with Guardrails applied, the SOC dashboard updates live via WebSocket, a real email lands in the inbox via SNS, and the incident report generates automatically. Watching all of that happen in under 4 seconds felt like the project became real.
The OTP and Rekognition flows together make the AI Safety story genuinely robust. The confidence threshold controls what the AI does. Guardrails controls what the AI says. OTP and Rekognition verify the human when the AI is uncertain. Three independent safety layers working together.
What we learned
Prompt engineering for structured outputs is harder in production than in a playground. Getting Bedrock to return clean JSON consistently required explicit examples in the prompt and defensive parsing in Lambda.
WebSocket architecture is more complex than REST but the real time push to the frontend made the demo significantly more compelling.
The AI Safety framing changed how we thought about the whole project. The confidence threshold system was not just a feature — it was the answer to how you deploy autonomous AI responsibly. And Guardrails was the answer to how you make sure the AI itself stays safe.
What's next for Vault
- Neptune graph database for cross-account coordinated attack detection
- AgentCore multi-agent pipeline with specialized triage, investigation, and response agents
- A real authentication layer so companies can deploy this for their own user base
- A mobile app so account owners can respond to verification requests directly from their phone
AWS Services Used
Amazon Bedrock (Claude Sonnet 4.6) · Amazon Bedrock Guardrails · AWS Lambda · Amazon DynamoDB · Amazon API Gateway (WebSocket + HTTP) · Amazon SNS · Amazon Rekognition · Amazon S3
Built With
- amazon-bedrock
- amazon-dynamodb
- amazon-rekognition
- amazon-sns
- amazon-web-services
- api-gateway
- aws-lambda
- bedrock-guardrails
- cobe
- next-js
- python
- react
- tailwind-css
- typescript
Log in or sign up for Devpost to join the conversation.