Inspiration
Enterprise vendor risk management is broken. Companies manage hundreds of third-party vendors, but each assessment takes 4–6 weeks of manual questionnaire review spread across 20+ data sources. IBM's Cost of a Data Breach report puts the average cost of a single breach at about $4.3M. With regulations like DORA, the SEC cyber disclosure rules, and NIS2 tightening, compliance teams are overwhelmed, often one analyst per 200+ vendors. We saw an opportunity to use agentic AI to compress weeks of work into minutes while keeping humans accountable for high-stakes decisions.
What it does
VendorShield AI is a multi-agent platform that performs an end-to-end vendor risk assessment in about 90 seconds. Submit a vendor name and five agents run against it:
- Research Agent scans news, web, and sanctions lists for breach history, lawsuits, and reputation signals (via Tavily + Claude)
- Compliance Agent checks certifications (SOC2, ISO27001, HIPAA, PCI-DSS) and identifies regulatory gaps
- Financial Agent evaluates credit risk, bankruptcy probability, and revenue stability using an analyst/reviewer pattern
- Risk Scoring Agent aggregates all signals into a weighted 5-dimension score (Security 30%, Compliance 25%, Financial 20%, Operational 15%, ESG 10%)
- Remediation Agent generates actionable task plans and an executive summary
Cases route through UiPath Maestro for orchestration — low-risk vendors auto-approve, high-risk cases escalate to human reviewers via Action Center.
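The scoring and routing step described above, as an added example in Python (it is not VendorShield's own code). The five dimension weights are the ones stated here; everything else, namely the 0-100 risk scale, the signal-to-points table the Research Agent's findings are mapped through, the confidence formula, the hard-stop rule and the auto-approve / human-review / escalate thresholds, is an assumption chosen to illustrate the design. Two properties a practitioner would want are shown: a missing agent lowers confidence instead of silently lowering risk, and a single critical signal (sanctions) escalates even though the weighted average would dilute it.

```python
"""Weighted 5-dimension risk score, confidence, and case routing.

Added example, not VendorShield's own code. The dimension weights are the
ones stated on the page; the 0-100 risk scale, the signal table, the
confidence formula, the hard-stop rule and the routing thresholds are
assumptions.
"""
from dataclasses import dataclass
from typing import Optional

# Weights in whole percent (Security 30, Compliance 25, Financial 20,
# Operational 15, ESG 10). Integers keep the arithmetic exact.
WEIGHTS = {"security": 30, "compliance": 25, "financial": 20,
           "operational": 15, "esg": 10}
assert sum(WEIGHTS.values()) == 100, "weights must sum to 100%"

# Assumed routing thresholds on a 0 (clean) .. 100 (critical) scale.
AUTO_APPROVE_MAX_RISK = 30
ESCALATE_MIN_RISK = 70
MIN_CONFIDENCE_FOR_AUTO = 0.8
HARD_STOP_DIMENSION_RISK = 100   # any single dimension at this level escalates

# Assumed fixed signal table. The LLM's job is to tag findings with these
# labels; the number comes from this table, so the same findings always
# score the same even when the underlying search results change.
SIGNAL_POINTS = {"active_sanctions": 100, "breach_last_24m": 45,
                 "regulatory_fine": 25, "lawsuit": 15, "negative_press": 5}


def security_score_from_signals(signals: list[str]) -> int:
    """Deterministic security score from extracted signal tags.

    Tags are deduplicated so ten articles about one breach count once, and
    unknown tags are rejected rather than silently ignored.
    """
    unknown = set(signals) - set(SIGNAL_POINTS)
    if unknown:
        raise ValueError(f"unknown signals: {sorted(unknown)}")
    return min(100, sum(SIGNAL_POINTS[s] for s in set(signals)))


def route(risk: float, confidence: float, hard_stop: bool = False) -> str:
    """Fail closed: an uncertain or risky assessment never auto-approves."""
    if hard_stop or risk >= ESCALATE_MIN_RISK:
        return "escalate"
    if risk <= AUTO_APPROVE_MAX_RISK and confidence >= MIN_CONFIDENCE_FOR_AUTO:
        return "auto_approve"
    return "human_review"


@dataclass
class Assessment:
    risk_score: float          # weighted 0-100 risk over reporting dimensions
    confidence: float          # share of total weight backed by a real score
    missing: list[str]         # dimensions whose agent failed or timed out
    route: str


def aggregate(dimensions: dict[str, Optional[float]]) -> Assessment:
    """dimensions maps each name to a 0-100 score, or None if its agent failed."""
    unknown = set(dimensions) - set(WEIGHTS)
    if unknown:
        raise ValueError(f"unknown dimensions: {sorted(unknown)}")
    covered = weighted = 0
    missing = []
    hard_stop = False
    for name, w in WEIGHTS.items():
        score = dimensions.get(name)
        if score is None:
            missing.append(name)
            continue
        if not 0 <= score <= 100:
            raise ValueError(f"{name} score out of range: {score}")
        covered += w
        weighted += w * score
        hard_stop = hard_stop or score >= HARD_STOP_DIMENSION_RISK
    # Renormalise over the dimensions that reported. Treating a missing
    # dimension as 0 would pull the score toward "safe"; instead the gap
    # lowers confidence, which blocks auto-approval.
    risk = weighted / covered if covered else 100.0
    confidence = covered / 100
    return Assessment(risk, confidence, missing, route(risk, confidence, hard_stop))


if __name__ == "__main__":
    clean = aggregate({d: 10 for d in WEIGHTS})
    security = security_score_from_signals(["breach_last_24m", "breach_last_24m", "lawsuit"])
    breached = aggregate({"security": security, "compliance": 60, "financial": 20,
                          "operational": 20, "esg": 10})
    print(clean.route, breached.risk_score, breached.route)
```

Because the Research Agent's raw input is live web text, the score is computed from the structured tags the model extracts, never from a free-text verdict; that keeps the routing decision auditable and makes auto-approval depend on both a low score and full agent coverage.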
How we built it
- 5 independent microservice agents running on FastAPI (ports 8001–8005), orchestrated by a central API (port 8000)
- Anthropic Claude powers reasoning for all agents (research, compliance, financial analysis, remediation)
- Tavily provides real-time web search for the Research Agent's OSINT capabilities
- UiPath Maestro Case Management handles case lifecycle, stage transitions, SLAs, and human-in-the-loop routing
- UiPath API Workflows connect the platform to our external agent endpoints
- SQLite for local case persistence, with the full pipeline testable via a single demo.py command
- Built entirely using Cursor (UiPath for Coding Agents) for rapid development
Challenges we ran into
- Agent coordination timing — getting 5 agents to run in parallel and merge results reliably required careful error handling and timeout management
- Risk scoring calibration — tuning dimension weights and keyword signals so that known high-risk vendors (with breach history) actually score differently from clean vendors took extensive iteration
- Real-time web data variability — Tavily search results change daily, so we had to build deterministic scoring logic on top of non-deterministic inputs
- UiPath Maestro integration — wiring dynamic case routing (auto-approve vs. human review vs. escalation) based on confidence and risk thresholds required careful stage transition design
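The coordination problem in the first challenge above (five agents in parallel, with timeouts and error handling) and the strict JSON contracts between services mentioned under "What we learned" both come down to the same fan-out step. The following is an added example in Python, not the project's code: the HTTP calls to the agent services on ports 8001-8005 are replaced by constructed in-process coroutines, and the contract fields and the timeout value are assumptions. It shows one well-formed reply, one that violates the contract, and one agent that hangs; the orchestrator still returns within the deadline, with the failed dimensions reported as None so the scorer can lower confidence rather than crash or guess.

```python
"""Parallel fan-out to the agent services with deadlines and a strict reply contract.

Added example, not the project's code. The HTTP calls to the agents on ports
8001-8005 are replaced by constructed in-process coroutines; the contract
fields and the timeout are assumptions.
"""
import asyncio
from typing import Any, Awaitable, Callable, Optional

# Assumed contract: exactly these fields, no extras, types checked. A reply
# that does not match is treated as a failed agent, never merged as-is.
CONTRACT = {
    "agent": str,            # which agent produced the reply
    "vendor": str,           # which vendor it is about
    "score": (int, float),   # 0-100 risk for that agent's dimension
    "evidence": list,        # sources the score was derived from
}


class ContractError(ValueError):
    """Agent reply does not match the contract."""


def validate(result: Any, expected_agent: str, vendor: str) -> dict:
    if not isinstance(result, dict):
        raise ContractError("reply is not a JSON object")
    missing, extra = set(CONTRACT) - set(result), set(result) - set(CONTRACT)
    if missing or extra:
        raise ContractError(f"missing={sorted(missing)} extra={sorted(extra)}")
    for key, typ in CONTRACT.items():
        value = result[key]
        # bool is a subclass of int; a score of True must not pass as 1.
        if isinstance(value, bool) or not isinstance(value, typ):
            raise ContractError(f"{key} has type {type(value).__name__}")
    if result["agent"] != expected_agent or result["vendor"] != vendor:
        raise ContractError("reply is for another agent or vendor")
    if not 0 <= result["score"] <= 100:
        raise ContractError(f"score out of range: {result['score']}")
    return result


AgentFn = Callable[[str], Awaitable[Any]]


async def call_agent(name: str, fn: AgentFn, vendor: str, timeout: float):
    """Run one agent under a deadline; report failures instead of raising."""
    try:
        raw = await asyncio.wait_for(fn(vendor), timeout=timeout)
        return name, validate(raw, name, vendor), None
    except asyncio.TimeoutError:
        return name, None, "timeout"
    except Exception as exc:  # contract violation, transport error, bad JSON
        return name, None, f"{type(exc).__name__}: {exc}"


async def fan_out(agents: dict[str, AgentFn], vendor: str, timeout: float = 20.0):
    """Query all agents concurrently. One slow or broken agent costs at most
    `timeout` seconds and yields None for its dimension; the others still merge."""
    results = await asyncio.gather(
        *(call_agent(name, fn, vendor, timeout) for name, fn in agents.items()))
    merged = {name: reply for name, reply, _ in results}
    errors = {name: err for name, _, err in results if err}
    return merged, errors


def dimension_scores(merged: dict[str, Optional[dict]]) -> dict[str, Optional[float]]:
    """Shape the merged replies for a downstream weighted scorer."""
    return {name: (reply["score"] if reply else None) for name, reply in merged.items()}


# Constructed stand-ins for the three behaviours that matter: a good reply,
# a reply that breaks the contract, and an agent that hangs.
async def research_agent(vendor: str) -> dict:
    return {"agent": "research", "vendor": vendor, "score": 45,
            "evidence": ["https://example.invalid/news/vendor-breach"]}


async def compliance_agent(vendor: str) -> dict:
    return {"agent": "compliance", "vendor": vendor, "score": "low", "evidence": []}


async def financial_agent(vendor: str) -> dict:
    await asyncio.sleep(60)  # never answers within the deadline
    return {"agent": "financial", "vendor": vendor, "score": 20, "evidence": []}


def run_demo(vendor: str = "Example Vendor Ltd", timeout: float = 0.05):
    agents = {"research": research_agent, "compliance": compliance_agent,
              "financial": financial_agent}
    return asyncio.run(fan_out(agents, vendor, timeout))


if __name__ == "__main__":
    merged, errors = run_demo()
    print(dimension_scores(merged), errors)
```

The per-agent deadline is what keeps the whole assessment inside a fixed budget: asyncio.wait_for cancels the hung coroutine rather than waiting on it, and asyncio.gather returns only once every agent has either replied or been cut off. The agent and vendor fields in the contract are checked so that a reply from a misrouted or replayed request cannot be merged into the wrong case.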
Accomplishments that we're proud of
- 90-second full assessments — what used to take 4–6 weeks runs in under 2 minutes
- 20/20 tests passing — comprehensive unit and smoke tests for the entire agent pipeline
- Real OSINT — the Research Agent pulls live news and sanctions data, not mock responses
- Production-grade scoring model — 5-dimension weighted scoring with confidence calculation and automatic routing logic
- Single-command startup — bash start.sh launches all 5 agents and the orchestrator
What we learned
- Multi-agent architectures need clear contracts between services — we defined strict JSON schemas early and it saved us countless debugging hours
- Claude excels at the analyst/reviewer pattern — having one prompt extract data and another validate it produces significantly more reliable outputs
- UiPath Maestro's case management is genuinely powerful for dynamic workflows where you can't predict the path in advance
- Coding agents (Cursor) dramatically accelerate development when you have a clear architecture — the plan-first, build-second approach worked perfectly
What's next for VendorShield AI
- Continuous monitoring — scheduled daily scans that auto-reopen cases when new risk signals emerge (vendor breach, credit downgrade, lawsuit)
- Document Understanding — upload SOC2 reports and ISO certificates for automated extraction and validation
- CrewAI financial agent — replace the single-LLM financial agent with a multi-agent CrewAI crew for deeper analysis
- UiPath Apps dashboard — real-time portfolio view showing all vendors by risk tier, SLA compliance, and agent activity
- Batch assessment — trigger reassessment of all vendors affected by a new regulation (e.g., DORA compliance sweep)
- Enterprise deployment — Docker Compose for production, with Maestro BPMN orchestrating the full vendor lifecycle across teams
Built With
- uipath
