Inspiration

Modern fintech, SaaS, and marketplace teams process thousands of suspicious events every day — failed logins, abnormal payments, new-device transactions, refund abuse, API spikes, chargebacks, and account takeover signals. But smaller teams usually investigate these events through scattered dashboards, spreadsheets, screenshots, chat messages, and manual notes. That creates slow response, weak evidence quality, and poor audit readiness.

ProofPilot AI was inspired by a simple question:

What if fraud and incident investigation could be as fast as a modern Vercel app, but backed by a real AWS database architecture designed for scale, evidence integrity, and production use?

This project was built for the H0: Hack the Zero Stack with Vercel v0 and AWS Databases hackathon as a Track 2: Monetizable B2B App. The goal is to create a serious, shippable B2B fraud and incident operations platform — not just a dashboard, not just a chatbot, but a complete investigation operating system powered by Vercel + Amazon DynamoDB.


What it does

ProofPilot AI is an evidence-grade fraud and incident operations platform for fintech, SaaS, marketplace, and digital business teams. It converts suspicious raw events into risk-scored cases, linked evidence timelines, tamper-evident ledger records, and audit-ready reports.

🚀 Core Product Summary

Layer What ProofPilot AI Does Why It Matters
🧾 Event Ingestion Accepts suspicious events such as failed logins, payments, refunds, API abuse, and device changes Turns raw activity into structured investigation data
⚡ Risk Scoring Scores each event from 0–100 using deterministic explainable rules Makes decisions transparent instead of black-box
🕵️ Case Creation Automatically creates investigation cases for high-risk activity Reduces analyst workload and speeds up triage
🔗 Entity Graph Links accounts, devices, IPs, transactions, and cases Helps investigators understand relationships quickly
🔐 Evidence Ledger Creates tamper-evident evidence records using hash-chain logic Improves auditability and trust
📄 Report Generator Produces investigation reports with timeline, risk reasons, and evidence hashes Makes the output compliance-ready
☁️ AWS Database Backend Stores live suspicious events in Amazon DynamoDB Provides real cloud-backed, scalable infrastructure
▲ Vercel Deployment Hosts the full-stack Next.js application on Vercel Makes the app fast, accessible, and production-ready

🧠 Key Features

# Feature Status
1 Premium B2B SaaS landing page ✅ Built
2 Judge demo mode ✅ Built
3 Live suspicious event generation ✅ Built
4 Amazon DynamoDB event storage ✅ Built
5 1,000+ event scale demo ✅ Built
6 Risk scoring engine ✅ Built
7 Human-readable risk explanations ✅ Built
8 Auto-created investigation cases ✅ Built
9 Case management dashboard ✅ Built
10 Case detail timeline ✅ Built
11 Evidence ledger records ✅ Built
12 Ledger verification flow ✅ Built
13 Report generation ✅ Built
14 Event stream page ✅ Built
15 Entity intelligence page ✅ Built
16 System health page ✅ Built
17 Live AWS adapter status ✅ Built
18 Architecture page ✅ Built
19 Pricing page for monetization ✅ Built
20 Submission kit page ✅ Built
21 Vercel deployment ✅ Built
22 GitHub repository ✅ Built
23 DynamoDB proof screenshot ✅ Captured
24 Environment-variable based config ✅ Built
25 Demo adapter fallback ✅ Built
26 No hardcoded AWS secrets ✅ Built
27 Server-side AWS usage ✅ Built
28 Professional enterprise UI ✅ Built
29 Mobile-responsive layout ✅ Built
30 Hackathon-ready project documentation ✅ Built

🧭 End-to-End User Flow

flowchart TD
    A[User / Judge opens ProofPilot AI] --> B[Launch Live Demo]
    B --> C[Generate Suspicious Events]
    C --> D[Events written to Amazon DynamoDB]
    D --> E[Risk Engine scores each event]
    E --> F{Risk score >= threshold?}
    F -- Yes --> G[Auto-create Investigation Case]
    F -- No --> H[Store as monitored event]
    G --> I[Build Case Timeline]
    I --> J[Create Evidence Ledger Records]
    J --> K[Verify Evidence Chain]
    K --> L[Generate Audit-Ready Report]
    L --> M[Review Architecture + System Health]

🏢 Target Users

User Type Pain Point How ProofPilot AI Helps
Fintech startups Suspicious payments and account abuse Converts events into investigation cases
SaaS companies Login attacks, API abuse, account takeover Detects risky activity and explains why
Marketplaces Refund abuse, chargebacks, fake accounts Links users, devices, IPs, and transactions
Security teams Scattered incident evidence Builds timelines and tamper-evident records
Compliance teams Weak audit trails Generates structured reports with evidence hashes

How we built it

ProofPilot AI was built as a full-stack, production-style web application using Next.js on Vercel and Amazon DynamoDB as the required AWS Database backend.

The project is designed around a database-first architecture: DynamoDB is not used as a checkbox; it powers the core suspicious event store for the live deployed application.


🧱 Tech Stack

Layer Technology
Frontend Next.js App Router, TypeScript
Styling Tailwind CSS
UI System shadcn/ui-style components
Hosting Vercel
AWS Database Amazon DynamoDB
Data Model DynamoDB single-table event design
Validation Type-safe server-side logic
Risk Engine Deterministic scoring rules
Evidence Integrity SHA-style hash-chain ledger logic
Reports HTML/print-ready investigation reports
Deployment Config Vercel environment variables
Repository GitHub

☁️ AWS Database Used

Primary AWS Database: Amazon DynamoDB

ProofPilot AI uses a live DynamoDB table:

Table name: ProofPilotEvents
Region: eu-north-1
Primary key: PK
Sort key: SK

DynamoDB stores live suspicious fraud and incident events generated from the deployed Vercel application.


🗂️ DynamoDB Data Model

The table is designed around access patterns instead of random storage.

Access Pattern DynamoDB Key Strategy
Organization event feed PK = ORG#organizationId
Time-ordered events SK = EVENT#timestamp#eventId
Entity timeline GSI1PK = ENTITY#entityId
Entity event order GSI1SK = EVENT#timestamp
Risk severity queue GSI2PK = RISK#severity
Severity ordered by time GSI2SK = timestamp#eventId

📦 Example DynamoDB Item Shape

{
  "PK": "ORG#org_northstar_pay",
  "SK": "EVENT#2026-06-16T13:25:50Z#evt_abc123",
  "GSI1PK": "ENTITY#acct_judge_001",
  "GSI1SK": "EVENT#2026-06-16T13:25:50Z",
  "GSI2PK": "RISK#CRITICAL",
  "GSI2SK": "2026-06-16T13:25:50Z#evt_abc123",
  "eventId": "evt_abc123",
  "organizationId": "org_northstar_pay",
  "entityId": "acct_judge_001",
  "eventType": "payment_attempt",
  "severity": "CRITICAL",
  "riskScore": 92,
  "createdAt": "2026-06-16T13:25:50Z"
}

🏗️ System Architecture

flowchart LR
    U[User / Judge] --> V[Vercel Deployment]
    V --> N[Next.js App Router]
    N --> API[API Routes]
    API --> R[Risk Scoring Engine]
    API --> DDB[(Amazon DynamoDB)]
    R --> C[Case Engine]
    C --> L[Evidence Ledger]
    L --> REP[Report Generator]
    REP --> UI[Audit-Ready Report UI]

    DDB --> EVENTS[Live Suspicious Events]
    DDB --> FEED[Organization Event Feed]
    DDB --> RISK[Severity Queue]
    DDB --> ENTITY[Entity Timelines]

🔄 Runtime Flow

Step What Happens
1 Judge opens deployed Vercel app
2 Judge launches live demo
3 App generates synthetic suspicious events
4 Events are written to Amazon DynamoDB
5 Risk engine scores events
6 High-risk events become investigation cases
7 Evidence ledger records are created
8 Case timeline and entity graph are displayed
9 Ledger verification validates evidence chain
10 Report generator creates audit-ready output

🔐 Security and Production Practices

Area Implementation
Secrets AWS keys are stored in Vercel environment variables, not in GitHub
Database Access DynamoDB access happens server-side
Demo Data Uses synthetic fraud/incident data only
Cost Safety Demo generation can be limited for controlled usage
Evidence Integrity Ledger records use hash-chain style verification
Deployment Live Vercel deployment with system health page
Observability /system-health shows adapter mode, live database state, and readiness

Challenges we ran into

Building ProofPilot AI was challenging because the goal was not just to create an attractive UI. The project needed to behave like a real full-stack product with live AWS database integration, working demo flows, and judge-ready reliability.


⚠️ Major Challenges

Challenge What Happened How We Solved It
AWS marketplace provisioning Aurora DSQL provisioning failed through the Vercel AWS integration flow Pivoted to DynamoDB, which is officially allowed and better suited for high-volume event ingestion
Real database writes Initial generated events were only updating local demo state Reworked the flow so generated events are written into the live DynamoDB table
DynamoDB uniqueness Generated events needed unique PK + SK pairs to avoid overwrites Used timestamp + event ID in the sort key
Batch writing DynamoDB batch writes have item limits Implemented batch chunking for generated events
Submission proof The project needed visible AWS Database usage Added DynamoDB item proof, system health status, and architecture explanation
Product clarity Fraud investigation systems can become complex quickly Designed a judge-focused demo path with clear flow from event → risk → case → ledger → report
Honest architecture Aurora DSQL was planned but not live Clearly positioned DynamoDB as the live required AWS Database and Aurora-style relational workflow as future expansion
Cost awareness Repeated full table scans can consume RCUs Used controlled event generation and avoided unnecessary repeated scans

🛠️ Technical Debugging Flow

flowchart TD
    A[DynamoDB table showed only 1 item] --> B[Investigated Generate Events API]
    B --> C[Found local demo store only]
    C --> D[Added real DynamoDB write path]
    D --> E[Ensured unique PK + SK]
    E --> F[Added batch writing]
    F --> G[Deployed to Vercel]
    G --> H[DynamoDB showed 1,001 items]
    H --> I[Confirmed live AWS backend]

Accomplishments that we're proud of

The biggest accomplishment is that ProofPilot AI became a real deployed product, not just a static prototype. The app now has a live Vercel deployment, a live Amazon DynamoDB backend, and a working end-to-end judge demo.


🏆 Key Accomplishments

Area Accomplishment
☁️ AWS Integration Connected the deployed app to a live DynamoDB table
⚡ Scale Demo Successfully wrote 1,000+ synthetic suspicious events into DynamoDB
🧠 Risk Engine Built explainable risk scoring instead of vague black-box AI
🕵️ Investigation Workflow Converted events into cases, timelines, and evidence records
🔐 Evidence Integrity Implemented tamper-evident ledger-style records
📄 Reporting Built audit-ready report generation
▲ Vercel Deployment Published a working full-stack web application
🧭 Judge Experience Created a direct judge demo flow with system health and architecture pages
🎨 Design Built a polished B2B fintech/cybersecurity SaaS interface
💼 Monetization Positioned the product as a realistic B2B SaaS platform

✅ Proof of Real AWS Usage

Proof Item Status
DynamoDB table created ✅ Done
Table name: ProofPilotEvents ✅ Done
Region: eu-north-1 ✅ Done
Live Vercel environment variables ✅ Done
App system health showing live AWS adapter ✅ Done
DynamoDB table showing 1,001 items ✅ Done
Events generated from deployed app ✅ Done

💎 Why this project stands out

ProofPilot AI is designed to be more than a demo. It combines:

  • ⚡ fast frontend delivery through Vercel
  • ☁️ real AWS database infrastructure
  • 🧠 explainable fraud risk scoring
  • 🕵️ investigation case workflows
  • 🔐 evidence integrity
  • 📄 audit-ready reporting
  • 💼 monetizable B2B SaaS positioning

That combination makes the project strong across technical implementation, design, impact, and originality.


What we learned

This project reinforced that a winning full-stack app is not only about UI polish. The database model, access patterns, operational reliability, and demo clarity matter just as much.


📚 Lessons Learned

Lesson Why It Matters
Database design should follow access patterns DynamoDB works best when the query model is designed intentionally
A live backend is stronger than a mock demo Judges can see real infrastructure and working proof
Risk systems need explainability Human-readable risk reasons build trust
Demo flows must be simple Judges should understand value within seconds
Production readiness is visible System health, env config, architecture pages, and proof screenshots matter
Do not overclaim It is better to honestly say DynamoDB is live than claim unsupported architecture
Small failures reveal architecture gaps The “1 item only” issue helped uncover and fix the real write path
Vercel + AWS is powerful The frontend can ship quickly while AWS handles scalable backend data

🧠 Technical Learning Flow

flowchart LR
    A[Fast UI with Vercel] --> B[Need real backend]
    B --> C[DynamoDB table design]
    C --> D[Event generation]
    D --> E[Risk scoring]
    E --> F[Case workflow]
    F --> G[Ledger verification]
    G --> H[Audit-ready reporting]

What's next for ProofPilot AI

ProofPilot AI already demonstrates a strong foundation: live event ingestion, AWS-backed storage, risk scoring, cases, evidence ledgers, and reports. The next step is to evolve it from hackathon-ready product into a production-grade fraud and incident operations platform.


🛣️ Roadmap

Phase Planned Upgrade Impact
Phase 1 Add production authentication and role-based access control Secure real team usage
Phase 2 Add tenant-isolated organizations and workspaces Make it enterprise SaaS-ready
Phase 3 Add Aurora DSQL/PostgreSQL relational case store Strengthen transactional case workflows
Phase 4 Add streaming ingestion with webhooks Support live customer event pipelines
Phase 5 Add alerting and notification rules Notify analysts in real time
Phase 6 Add advanced entity graph analytics Detect fraud rings and linked accounts
Phase 7 Add ML-assisted anomaly detection Improve risk scoring accuracy
Phase 8 Add compliance templates Support SOC 2, PCI, fintech audits
Phase 9 Add customer API keys and SDKs Make integration easier
Phase 10 Add multi-region architecture Improve global scale and reliability

🔮 Future Architecture Vision

flowchart TD
    A[Customer Apps] --> B[ProofPilot Ingestion API]
    B --> C[Amazon DynamoDB Raw Event Store]
    C --> D[Risk Scoring + Entity Resolution]
    D --> E[Aurora DSQL / Relational Case Store]
    E --> F[Evidence Ledger]
    F --> G[Reports + Compliance Export]
    D --> H[Alerting + Webhooks]
    D --> I[Entity Graph Analytics]
    I --> J[Fraud Ring Detection]

🚀 Long-Term Vision

The long-term vision for ProofPilot AI is to become a lightweight but powerful fraud and incident operations OS for modern digital businesses — a platform that gives smaller teams the kind of structured investigation, evidence integrity, and audit readiness usually found only in expensive enterprise tools.

ProofPilot AI can grow into a commercial SaaS product with:

  • multi-tenant workspaces
  • API-based event ingestion
  • customer-specific risk rules
  • compliance-grade evidence retention
  • real-time alerting
  • case collaboration
  • entity graph intelligence
  • advanced fraud pattern detection
  • downloadable audit packets
  • enterprise integrations

Final Summary

ProofPilot AI is a Vercel-deployed B2B fraud and incident operations platform powered by Amazon DynamoDB. It turns suspicious events into risk-scored investigation cases, linked evidence timelines, tamper-evident ledger records, and audit-ready reports.

It was built to show what is possible when fast frontend development meets real AWS database infrastructure:

Hackathon Criterion How ProofPilot AI Addresses It
Technical Implementation Live DynamoDB backend, structured access patterns, risk engine, ledger verification
Design Premium fintech/cybersecurity SaaS interface
Impact Solves real fraud, compliance, and incident investigation problems
Originality Combines event ingestion, explainable risk, evidence integrity, and audit reports
Production Readiness Vercel deployment, system health page, AWS proof, secure env configuration

ProofPilot AI is not just a demo — it is a working foundation for a production-ready fraud and incident operations platform.

Built With

  • amazon-dynamodb
  • api-routes
  • aws-iam
  • aws-sdk-for-javascript
  • case-management-workflows
  • evidence-ledger-hashing
  • github
  • next.js
  • node.js
  • react
  • risk-scoring-logic
  • server-side-environment-variables
  • synthetic-event-generation
  • tailwind-css
  • typescript
  • vercel
Share this project:

Updates