Inspiration
Modern fintech, SaaS, and marketplace teams process thousands of suspicious events every day — failed logins, abnormal payments, new-device transactions, refund abuse, API spikes, chargebacks, and account takeover signals. But smaller teams usually investigate these events through scattered dashboards, spreadsheets, screenshots, chat messages, and manual notes. That creates slow response, weak evidence quality, and poor audit readiness.
ProofPilot AI was inspired by a simple question:
What if fraud and incident investigation could be as fast as a modern Vercel app, but backed by a real AWS database architecture designed for scale, evidence integrity, and production use?
This project was built for the H0: Hack the Zero Stack with Vercel v0 and AWS Databases hackathon as a Track 2: Monetizable B2B App. The goal is to create a serious, shippable B2B fraud and incident operations platform — not just a dashboard, not just a chatbot, but a complete investigation operating system powered by Vercel + Amazon DynamoDB.
What it does
ProofPilot AI is an evidence-grade fraud and incident operations platform for fintech, SaaS, marketplace, and digital business teams. It converts suspicious raw events into risk-scored cases, linked evidence timelines, tamper-evident ledger records, and audit-ready reports.
🚀 Core Product Summary
| Layer | What ProofPilot AI Does | Why It Matters |
|---|---|---|
| 🧾 Event Ingestion | Accepts suspicious events such as failed logins, payments, refunds, API abuse, and device changes | Turns raw activity into structured investigation data |
| ⚡ Risk Scoring | Scores each event from 0–100 using deterministic explainable rules | Makes decisions transparent instead of black-box |
| 🕵️ Case Creation | Automatically creates investigation cases for high-risk activity | Reduces analyst workload and speeds up triage |
| 🔗 Entity Graph | Links accounts, devices, IPs, transactions, and cases | Helps investigators understand relationships quickly |
| 🔐 Evidence Ledger | Creates tamper-evident evidence records using hash-chain logic | Improves auditability and trust |
| 📄 Report Generator | Produces investigation reports with timeline, risk reasons, and evidence hashes | Makes the output compliance-ready |
| ☁️ AWS Database Backend | Stores live suspicious events in Amazon DynamoDB | Provides real cloud-backed, scalable infrastructure |
| ▲ Vercel Deployment | Hosts the full-stack Next.js application on Vercel | Makes the app fast, accessible, and production-ready |
🧠 Key Features
| # | Feature | Status |
|---|---|---|
| 1 | Premium B2B SaaS landing page | ✅ Built |
| 2 | Judge demo mode | ✅ Built |
| 3 | Live suspicious event generation | ✅ Built |
| 4 | Amazon DynamoDB event storage | ✅ Built |
| 5 | 1,000+ event scale demo | ✅ Built |
| 6 | Risk scoring engine | ✅ Built |
| 7 | Human-readable risk explanations | ✅ Built |
| 8 | Auto-created investigation cases | ✅ Built |
| 9 | Case management dashboard | ✅ Built |
| 10 | Case detail timeline | ✅ Built |
| 11 | Evidence ledger records | ✅ Built |
| 12 | Ledger verification flow | ✅ Built |
| 13 | Report generation | ✅ Built |
| 14 | Event stream page | ✅ Built |
| 15 | Entity intelligence page | ✅ Built |
| 16 | System health page | ✅ Built |
| 17 | Live AWS adapter status | ✅ Built |
| 18 | Architecture page | ✅ Built |
| 19 | Pricing page for monetization | ✅ Built |
| 20 | Submission kit page | ✅ Built |
| 21 | Vercel deployment | ✅ Built |
| 22 | GitHub repository | ✅ Built |
| 23 | DynamoDB proof screenshot | ✅ Captured |
| 24 | Environment-variable based config | ✅ Built |
| 25 | Demo adapter fallback | ✅ Built |
| 26 | No hardcoded AWS secrets | ✅ Built |
| 27 | Server-side AWS usage | ✅ Built |
| 28 | Professional enterprise UI | ✅ Built |
| 29 | Mobile-responsive layout | ✅ Built |
| 30 | Hackathon-ready project documentation | ✅ Built |
🧭 End-to-End User Flow
flowchart TD
A[User / Judge opens ProofPilot AI] --> B[Launch Live Demo]
B --> C[Generate Suspicious Events]
C --> D[Events written to Amazon DynamoDB]
D --> E[Risk Engine scores each event]
E --> F{Risk score >= threshold?}
F -- Yes --> G[Auto-create Investigation Case]
F -- No --> H[Store as monitored event]
G --> I[Build Case Timeline]
I --> J[Create Evidence Ledger Records]
J --> K[Verify Evidence Chain]
K --> L[Generate Audit-Ready Report]
L --> M[Review Architecture + System Health]
🏢 Target Users
| User Type | Pain Point | How ProofPilot AI Helps |
|---|---|---|
| Fintech startups | Suspicious payments and account abuse | Converts events into investigation cases |
| SaaS companies | Login attacks, API abuse, account takeover | Detects risky activity and explains why |
| Marketplaces | Refund abuse, chargebacks, fake accounts | Links users, devices, IPs, and transactions |
| Security teams | Scattered incident evidence | Builds timelines and tamper-evident records |
| Compliance teams | Weak audit trails | Generates structured reports with evidence hashes |
How we built it
ProofPilot AI was built as a full-stack, production-style web application using Next.js on Vercel and Amazon DynamoDB as the required AWS Database backend.
The project is designed around a database-first architecture: DynamoDB is not used as a checkbox; it powers the core suspicious event store for the live deployed application.
🧱 Tech Stack
| Layer | Technology |
|---|---|
| Frontend | Next.js App Router, TypeScript |
| Styling | Tailwind CSS |
| UI System | shadcn/ui-style components |
| Hosting | Vercel |
| AWS Database | Amazon DynamoDB |
| Data Model | DynamoDB single-table event design |
| Validation | Type-safe server-side logic |
| Risk Engine | Deterministic scoring rules |
| Evidence Integrity | SHA-style hash-chain ledger logic |
| Reports | HTML/print-ready investigation reports |
| Deployment Config | Vercel environment variables |
| Repository | GitHub |
☁️ AWS Database Used
Primary AWS Database: Amazon DynamoDB
ProofPilot AI uses a live DynamoDB table:
Table name: ProofPilotEvents
Region: eu-north-1
Primary key: PK
Sort key: SK
DynamoDB stores live suspicious fraud and incident events generated from the deployed Vercel application.
🗂️ DynamoDB Data Model
The table is designed around access patterns instead of random storage.
| Access Pattern | DynamoDB Key Strategy |
|---|---|
| Organization event feed | PK = ORG#organizationId |
| Time-ordered events | SK = EVENT#timestamp#eventId |
| Entity timeline | GSI1PK = ENTITY#entityId |
| Entity event order | GSI1SK = EVENT#timestamp |
| Risk severity queue | GSI2PK = RISK#severity |
| Severity ordered by time | GSI2SK = timestamp#eventId |
📦 Example DynamoDB Item Shape
{
"PK": "ORG#org_northstar_pay",
"SK": "EVENT#2026-06-16T13:25:50Z#evt_abc123",
"GSI1PK": "ENTITY#acct_judge_001",
"GSI1SK": "EVENT#2026-06-16T13:25:50Z",
"GSI2PK": "RISK#CRITICAL",
"GSI2SK": "2026-06-16T13:25:50Z#evt_abc123",
"eventId": "evt_abc123",
"organizationId": "org_northstar_pay",
"entityId": "acct_judge_001",
"eventType": "payment_attempt",
"severity": "CRITICAL",
"riskScore": 92,
"createdAt": "2026-06-16T13:25:50Z"
}
🏗️ System Architecture
flowchart LR
U[User / Judge] --> V[Vercel Deployment]
V --> N[Next.js App Router]
N --> API[API Routes]
API --> R[Risk Scoring Engine]
API --> DDB[(Amazon DynamoDB)]
R --> C[Case Engine]
C --> L[Evidence Ledger]
L --> REP[Report Generator]
REP --> UI[Audit-Ready Report UI]
DDB --> EVENTS[Live Suspicious Events]
DDB --> FEED[Organization Event Feed]
DDB --> RISK[Severity Queue]
DDB --> ENTITY[Entity Timelines]
🔄 Runtime Flow
| Step | What Happens |
|---|---|
| 1 | Judge opens deployed Vercel app |
| 2 | Judge launches live demo |
| 3 | App generates synthetic suspicious events |
| 4 | Events are written to Amazon DynamoDB |
| 5 | Risk engine scores events |
| 6 | High-risk events become investigation cases |
| 7 | Evidence ledger records are created |
| 8 | Case timeline and entity graph are displayed |
| 9 | Ledger verification validates evidence chain |
| 10 | Report generator creates audit-ready output |
🔐 Security and Production Practices
| Area | Implementation |
|---|---|
| Secrets | AWS keys are stored in Vercel environment variables, not in GitHub |
| Database Access | DynamoDB access happens server-side |
| Demo Data | Uses synthetic fraud/incident data only |
| Cost Safety | Demo generation can be limited for controlled usage |
| Evidence Integrity | Ledger records use hash-chain style verification |
| Deployment | Live Vercel deployment with system health page |
| Observability | /system-health shows adapter mode, live database state, and readiness |
Challenges we ran into
Building ProofPilot AI was challenging because the goal was not just to create an attractive UI. The project needed to behave like a real full-stack product with live AWS database integration, working demo flows, and judge-ready reliability.
⚠️ Major Challenges
| Challenge | What Happened | How We Solved It |
|---|---|---|
| AWS marketplace provisioning | Aurora DSQL provisioning failed through the Vercel AWS integration flow | Pivoted to DynamoDB, which is officially allowed and better suited for high-volume event ingestion |
| Real database writes | Initial generated events were only updating local demo state | Reworked the flow so generated events are written into the live DynamoDB table |
| DynamoDB uniqueness | Generated events needed unique PK + SK pairs to avoid overwrites |
Used timestamp + event ID in the sort key |
| Batch writing | DynamoDB batch writes have item limits | Implemented batch chunking for generated events |
| Submission proof | The project needed visible AWS Database usage | Added DynamoDB item proof, system health status, and architecture explanation |
| Product clarity | Fraud investigation systems can become complex quickly | Designed a judge-focused demo path with clear flow from event → risk → case → ledger → report |
| Honest architecture | Aurora DSQL was planned but not live | Clearly positioned DynamoDB as the live required AWS Database and Aurora-style relational workflow as future expansion |
| Cost awareness | Repeated full table scans can consume RCUs | Used controlled event generation and avoided unnecessary repeated scans |
🛠️ Technical Debugging Flow
flowchart TD
A[DynamoDB table showed only 1 item] --> B[Investigated Generate Events API]
B --> C[Found local demo store only]
C --> D[Added real DynamoDB write path]
D --> E[Ensured unique PK + SK]
E --> F[Added batch writing]
F --> G[Deployed to Vercel]
G --> H[DynamoDB showed 1,001 items]
H --> I[Confirmed live AWS backend]
Accomplishments that we're proud of
The biggest accomplishment is that ProofPilot AI became a real deployed product, not just a static prototype. The app now has a live Vercel deployment, a live Amazon DynamoDB backend, and a working end-to-end judge demo.
🏆 Key Accomplishments
| Area | Accomplishment |
|---|---|
| ☁️ AWS Integration | Connected the deployed app to a live DynamoDB table |
| ⚡ Scale Demo | Successfully wrote 1,000+ synthetic suspicious events into DynamoDB |
| 🧠 Risk Engine | Built explainable risk scoring instead of vague black-box AI |
| 🕵️ Investigation Workflow | Converted events into cases, timelines, and evidence records |
| 🔐 Evidence Integrity | Implemented tamper-evident ledger-style records |
| 📄 Reporting | Built audit-ready report generation |
| ▲ Vercel Deployment | Published a working full-stack web application |
| 🧭 Judge Experience | Created a direct judge demo flow with system health and architecture pages |
| 🎨 Design | Built a polished B2B fintech/cybersecurity SaaS interface |
| 💼 Monetization | Positioned the product as a realistic B2B SaaS platform |
✅ Proof of Real AWS Usage
| Proof Item | Status |
|---|---|
| DynamoDB table created | ✅ Done |
Table name: ProofPilotEvents |
✅ Done |
Region: eu-north-1 |
✅ Done |
| Live Vercel environment variables | ✅ Done |
| App system health showing live AWS adapter | ✅ Done |
| DynamoDB table showing 1,001 items | ✅ Done |
| Events generated from deployed app | ✅ Done |
💎 Why this project stands out
ProofPilot AI is designed to be more than a demo. It combines:
- ⚡ fast frontend delivery through Vercel
- ☁️ real AWS database infrastructure
- 🧠 explainable fraud risk scoring
- 🕵️ investigation case workflows
- 🔐 evidence integrity
- 📄 audit-ready reporting
- 💼 monetizable B2B SaaS positioning
That combination makes the project strong across technical implementation, design, impact, and originality.
What we learned
This project reinforced that a winning full-stack app is not only about UI polish. The database model, access patterns, operational reliability, and demo clarity matter just as much.
📚 Lessons Learned
| Lesson | Why It Matters |
|---|---|
| Database design should follow access patterns | DynamoDB works best when the query model is designed intentionally |
| A live backend is stronger than a mock demo | Judges can see real infrastructure and working proof |
| Risk systems need explainability | Human-readable risk reasons build trust |
| Demo flows must be simple | Judges should understand value within seconds |
| Production readiness is visible | System health, env config, architecture pages, and proof screenshots matter |
| Do not overclaim | It is better to honestly say DynamoDB is live than claim unsupported architecture |
| Small failures reveal architecture gaps | The “1 item only” issue helped uncover and fix the real write path |
| Vercel + AWS is powerful | The frontend can ship quickly while AWS handles scalable backend data |
🧠 Technical Learning Flow
flowchart LR
A[Fast UI with Vercel] --> B[Need real backend]
B --> C[DynamoDB table design]
C --> D[Event generation]
D --> E[Risk scoring]
E --> F[Case workflow]
F --> G[Ledger verification]
G --> H[Audit-ready reporting]
What's next for ProofPilot AI
ProofPilot AI already demonstrates a strong foundation: live event ingestion, AWS-backed storage, risk scoring, cases, evidence ledgers, and reports. The next step is to evolve it from hackathon-ready product into a production-grade fraud and incident operations platform.
🛣️ Roadmap
| Phase | Planned Upgrade | Impact |
|---|---|---|
| Phase 1 | Add production authentication and role-based access control | Secure real team usage |
| Phase 2 | Add tenant-isolated organizations and workspaces | Make it enterprise SaaS-ready |
| Phase 3 | Add Aurora DSQL/PostgreSQL relational case store | Strengthen transactional case workflows |
| Phase 4 | Add streaming ingestion with webhooks | Support live customer event pipelines |
| Phase 5 | Add alerting and notification rules | Notify analysts in real time |
| Phase 6 | Add advanced entity graph analytics | Detect fraud rings and linked accounts |
| Phase 7 | Add ML-assisted anomaly detection | Improve risk scoring accuracy |
| Phase 8 | Add compliance templates | Support SOC 2, PCI, fintech audits |
| Phase 9 | Add customer API keys and SDKs | Make integration easier |
| Phase 10 | Add multi-region architecture | Improve global scale and reliability |
🔮 Future Architecture Vision
flowchart TD
A[Customer Apps] --> B[ProofPilot Ingestion API]
B --> C[Amazon DynamoDB Raw Event Store]
C --> D[Risk Scoring + Entity Resolution]
D --> E[Aurora DSQL / Relational Case Store]
E --> F[Evidence Ledger]
F --> G[Reports + Compliance Export]
D --> H[Alerting + Webhooks]
D --> I[Entity Graph Analytics]
I --> J[Fraud Ring Detection]
🚀 Long-Term Vision
The long-term vision for ProofPilot AI is to become a lightweight but powerful fraud and incident operations OS for modern digital businesses — a platform that gives smaller teams the kind of structured investigation, evidence integrity, and audit readiness usually found only in expensive enterprise tools.
ProofPilot AI can grow into a commercial SaaS product with:
- multi-tenant workspaces
- API-based event ingestion
- customer-specific risk rules
- compliance-grade evidence retention
- real-time alerting
- case collaboration
- entity graph intelligence
- advanced fraud pattern detection
- downloadable audit packets
- enterprise integrations
Final Summary
ProofPilot AI is a Vercel-deployed B2B fraud and incident operations platform powered by Amazon DynamoDB. It turns suspicious events into risk-scored investigation cases, linked evidence timelines, tamper-evident ledger records, and audit-ready reports.
It was built to show what is possible when fast frontend development meets real AWS database infrastructure:
| Hackathon Criterion | How ProofPilot AI Addresses It |
|---|---|
| Technical Implementation | Live DynamoDB backend, structured access patterns, risk engine, ledger verification |
| Design | Premium fintech/cybersecurity SaaS interface |
| Impact | Solves real fraud, compliance, and incident investigation problems |
| Originality | Combines event ingestion, explainable risk, evidence integrity, and audit reports |
| Production Readiness | Vercel deployment, system health page, AWS proof, secure env configuration |
ProofPilot AI is not just a demo — it is a working foundation for a production-ready fraud and incident operations platform.
Built With
- amazon-dynamodb
- api-routes
- aws-iam
- aws-sdk-for-javascript
- case-management-workflows
- evidence-ledger-hashing
- github
- next.js
- node.js
- react
- risk-scoring-logic
- server-side-environment-variables
- synthetic-event-generation
- tailwind-css
- typescript
- vercel

Log in or sign up for Devpost to join the conversation.