VigilX

Security that trusts behavior, not just passwords. An intelligent security layer that fights deepfakes and modern threats. By generating a live Trust Score, we apply security friction only when needed

Comment

Inspiration

Our inspiration was to solve a critical dilemma in modern banking: the "Fort Knox vs. Welcome Mat" problem. Banks are forced to either frustrate legitimate customers with excessive security or invite fraudsters with weak defenses. We were driven by the need to address two fundamental vulnerabilities that undermine the principles of a Zero Trust framework:

  • The Compromise of Identity Onboarding: Traditional Video KYC (V-KYC) is now critically vulnerable to sophisticated, real-time deepfake attacks.
  • The Failure of Static Authentication: The common "authenticate once, trust always" model is obsolete and blind to post-login threats like session hijacking and account takeovers.

Our goal was to create a paradigm shift where security is intelligent, adaptive, and invisible.

What it does

VigilX is a multi-layered, AI-powered security platform that transforms bank security from a static barrier into an intelligent, adaptive shield. Instead of a one-time password, it operates on a continuous, live Trust Score.

  • Forges "Digital DNA": During a one-time onboarding, the system creates a unique user profile by capturing behavioral metrics (typing cadence, mouse dynamics) and contextual data (device fingerprint, location).
  • Generates a Live Trust Score: The platform continuously analyzes a live user session against their stored "Digital DNA" to calculate a real-time trust score.
  • Triggers Adaptive Verification: Based on the live score, VigilX triggers proportionate security challenges, making it frictionless for most users.
    • Medium Risk: A low-friction Audio Liveness Verification is initiated, where an AI asks a dynamic question to defeat bots.
    • High Risk: The system escalates to a robust Video Liveness Verification, using the Gemini Vision API to issue and adjudicate unpredictable physical challenges that expose deepfakes.
  • Turns Attacks into Intelligence: For critically low scores, users are seamlessly redirected to a Threat Intelligence Sandbox (honeypot). This captures the attacker's tools and techniques, turning their attack into actionable intelligence.

How we built it

We adopted an agile development methodology, building the platform in intensive sprints. Our process was layered: we began with the foundational "Digital DNA" calibration and Trust Score engine, then integrated the adaptive verification modules (Audio, Video KYC) and the Admin Dashboard.

The core scoring algorithm continuously calculates trust based on a weighted formula: $$Trust Score = (0.7 \times Behavioral) + (0.3 \times Contextual)$$

Technology Stack:

  • Frontend: Tailwind CSS for rapid UI and Chart.js for data visualizations on the admin dashboard.
  • Backend & Database: Firebase Auth for secure authentication and Firestore as a real-time NoSQL database for storing Digital DNA profiles.
  • AI Core & Liveness: We integrated the Gemini API for video liveness verification, Perplexity AI for dynamic audio question generation, and Azure Speech SDK for text-to-speech and speech-to-text functionalities.
  • Audio Analysis: We used Meyda.js for real-time audio feature extraction and MFCC Analysis to detect patterns of AI-generated voices.

Challenges we ran into

Our true breakthrough was architecting the real-time trust engine itself. The core challenge was orchestrating the seamless flow between the continuous, passive monitoring of a user's "Digital DNA" and the instant activation of step-up verification challenges. This involved processing multiple real-time data streams, like typing cadence and mouse dynamics, and fine-tuning our behavioral scoring algorithm, which uses a safeSimilarity() exponential decay function, to calculate a live trust score without any perceptible latency.

Accomplishments that we're proud of

We are proud of developing a fully functional, end-to-end prototype of VigilX. It demonstrates the entire flow, from user calibration and live trust scoring to adaptive verification and the admin monitoring dashboard. Most importantly, achieving this allowed us to create a system that remains completely invisible to over 95% of legitimate users, solving the trade-off between robust security and a frictionless user experience.

What we learned

Our biggest takeaway is that the future of security lies not in building higher walls, but in creating smarter, more adaptive systems. We learned that a frictionless experience for the legitimate user is just as important as a formidable barrier for the attacker. On a technical level, our team gained immense experience in integrating multiple cutting-edge AI services (Speech, LLM, Vision) into a cohesive system and learned the complexities of handling sensitive biometric data responsibly.

## What's next for VigilX

  • ML Model Enhancement: Enhance the accuracy of the Trust Score by incorporating more behavioral data points into the "Digital DNA" profile, such as mobile-specific swipe gestures and scroll velocity.
  • Automated Threat Intelligence Feedback Loop: Automate the feedback loop from the Threat Intelligence Sandbox, allowing captured attack data from the honeypot to automatically reinforce and harden the core Trust Engine.
  • Enterprise-Ready SDK Development: Package the entire VigilX solution as a lightweight, easy-to-integrate SDK to provide a developer-friendly toolkit that allows financial institutions to seamlessly embed the security layers into their existing web and mobile applications.

Login As Admin (Prototype)

To access the Admin Dashboard prototype, please use the following credentials:

Built With

Share this project:

Updates