Gallery (image captions):
- MongoDB Atlas Cluster Activity Dashboard
- Snowflake Security Logs Schema
- Snowflake Threat Detection Results
- BackEnd FastAPI AI Incident Analysis Response
- Implemented an AI chatbot for assistance
- Landing page describing product
- User log in and account creation page
- Implemented 2FA for user sign up with Supabase
- Showcase of live threat alert, implementing Snowflake, MongoDB, and Gemini analysis
Inspiration
The rapid growth of cloud infrastructure, AI systems, and connected applications has significantly increased the volume and complexity of security events organizations must handle. Security Operations Center (SOC) analysts are overwhelmed with alerts, often forced to manually investigate thousands of events, many of which are false positives or lack sufficient context.
At the same time, cyberattacks are becoming more sophisticated, including credential compromise, data exfiltration, and lateral movement across systems. Traditional security tools can detect anomalies, but they often fail to explain why something is suspicious or what action should be taken next.
SentinelAI was inspired by a key question: What if security systems could not only detect threats, but also investigate and respond to them autonomously?
What it does
SentinelAI is an autonomous AI-powered security operations agent that detects, investigates, and responds to threats in real time. The system ingests logs from authentication systems, networks, and applications and analyzes them through a centralized data platform. It identifies suspicious behaviors such as repeated failed logins, unusual geographic access patterns, and large data transfers that may indicate exfiltration.
Once a threat is detected, SentinelAI uses an AI reasoning engine to interpret the alert, explain why the behavior is suspicious, assess the level of risk, and recommend specific remediation actions. The system also incorporates a memory layer that stores past incidents and patterns, allowing it to provide context-aware analysis and improve decision-making over time.
How we built it
SentinelAI was built using a modular architecture that connects data engineering, backend services, artificial intelligence, and a real-time user interface into a single pipeline. Snowflake serves as the core data layer where security logs are stored and analyzed using SQL-based detection logic to generate alerts. A FastAPI backend handles orchestration by retrieving alerts and related logs and coordinating communication between components.
The Gemini API powers the intelligence layer by transforming raw alerts and log data into structured explanations, root cause analysis, and recommended actions. MongoDB is used as a memory layer to store past incidents and support contextual reasoning. The frontend dashboard visualizes alerts, severity levels, and AI-generated insights in real time, allowing users to quickly understand and respond to threats.
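The detection side of this pipeline, as an added example that is not SentinelAI's own code: the three behaviours named above (repeated failed logins, access from two countries in a short window, and large outbound transfers) written as SQL rules with the thresholds pulled out as tunable parameters. The queries run against an in-memory SQLite database so the block is self-contained; on Snowflake the same logic would use DATEDIFF on TIMESTAMP columns rather than julianday() arithmetic. The table and column names, the sample log rows, the default thresholds and the severity mapping are all constructed for the example.

```python
"""Threshold-driven detection rules over authentication and transfer logs.

Added example, not SentinelAI's own code. The rules run in an in-memory SQLite
database so the block is self-contained; on Snowflake the same queries would
use DATEDIFF on TIMESTAMP columns instead of julianday() arithmetic. Table and
column names, sample rows and default thresholds are all constructed.
"""
import sqlite3
from dataclasses import dataclass

# Constructed sample events (ts, username, src_ip, country, success).
AUTH_LOGS = [
    ("2024-05-01T09:00:00", "alice", "10.0.0.5",     "US", 1),
    ("2024-05-01T09:20:00", "alice", "203.0.113.9",  "BR", 1),  # 20 min later, other country
    ("2024-05-01T10:00:00", "bob",   "198.51.100.7", "US", 0),
    ("2024-05-01T10:00:30", "bob",   "198.51.100.7", "US", 0),
    ("2024-05-01T10:01:00", "bob",   "198.51.100.7", "US", 0),
    ("2024-05-01T10:01:30", "bob",   "198.51.100.7", "US", 0),
    ("2024-05-01T10:02:00", "bob",   "198.51.100.7", "US", 0),
    ("2024-05-01T10:02:30", "bob",   "198.51.100.7", "US", 1),  # success right after the burst
    ("2024-05-01T11:00:00", "carol", "10.0.0.9",     "US", 0),
    ("2024-05-01T11:05:00", "carol", "10.0.0.9",     "US", 1),
]
# Constructed outbound transfers (ts, username, dest_host, bytes_out).
TRANSFER_LOGS = [
    ("2024-05-01T12:00:00", "alice", "files.example.net", 50_000_000),
    ("2024-05-01T12:10:00", "alice", "files.example.net", 3_000_000_000),
    ("2024-05-01T12:30:00", "bob",   "backup.internal",   200_000_000),
]


@dataclass(frozen=True)
class Thresholds:
    """Tunable knobs: tighten to cut noise, loosen to catch more."""
    failed_login_count: int = 5        # failures from one user+IP ...
    failed_login_window_min: int = 10  # ... within this many minutes
    geo_window_min: int = 60           # two countries within this window
    exfil_bytes: int = 1_000_000_000   # total bytes to one destination


# Minutes between two ISO-8601 timestamps, as SQLite computes it.
MINUTES = "(julianday({b}) - julianday({a})) * 1440"

FAILED_LOGIN_SQL = f"""
SELECT username, src_ip, MIN(a_ts) AS first_seen, MAX(failures) AS failures
FROM (
    SELECT a.username, a.src_ip, a.ts AS a_ts, COUNT(b.ts) AS failures
    FROM auth_log a
    JOIN auth_log b
      ON b.username = a.username AND b.src_ip = a.src_ip AND b.success = 0
     AND {MINUTES.format(a='a.ts', b='b.ts')} BETWEEN 0 AND :win
    WHERE a.success = 0
    GROUP BY a.username, a.src_ip, a.ts
    HAVING COUNT(b.ts) >= :n
)
GROUP BY username, src_ip
"""

SUCCESS_AFTER_SQL = f"""
SELECT COUNT(*) FROM auth_log
WHERE username = :u AND src_ip = :ip AND success = 1
  AND {MINUTES.format(a=':start', b='ts')} BETWEEN 0 AND :win
"""

GEO_SQL = f"""
SELECT a.username, a.country, b.country, a.ts, b.ts
FROM auth_log a
JOIN auth_log b
  ON b.username = a.username AND b.success = 1 AND b.country <> a.country
 AND {MINUTES.format(a='a.ts', b='b.ts')} BETWEEN 0 AND :win
WHERE a.success = 1
"""

EXFIL_SQL = """
SELECT username, dest_host, SUM(bytes_out), MIN(ts)
FROM transfer_log
GROUP BY username, dest_host
HAVING SUM(bytes_out) >= :limit
"""


def load_logs() -> sqlite3.Connection:
    """Stand-in for the Snowflake tables: load the constructed rows into SQLite."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE auth_log (ts TEXT, username TEXT, src_ip TEXT, country TEXT, success INTEGER)")
    conn.execute("CREATE TABLE transfer_log (ts TEXT, username TEXT, dest_host TEXT, bytes_out INTEGER)")
    conn.executemany("INSERT INTO auth_log VALUES (?, ?, ?, ?, ?)", AUTH_LOGS)
    conn.executemany("INSERT INTO transfer_log VALUES (?, ?, ?, ?)", TRANSFER_LOGS)
    return conn


def run_detections(t: Thresholds = Thresholds()) -> list[dict]:
    """Evaluate every rule and return alert records the backend can hand to the AI layer."""
    conn = load_logs()
    alerts = []
    for user, ip, first, n in conn.execute(FAILED_LOGIN_SQL, {"win": t.failed_login_window_min, "n": t.failed_login_count}):
        # A burst that ends in a successful login looks like a guessed password, not a typo storm.
        (later_ok,) = conn.execute(SUCCESS_AFTER_SQL, {"u": user, "ip": ip, "start": first, "win": t.failed_login_window_min}).fetchone()
        alerts.append({"rule": "failed_login_burst", "entity": user, "severity": "high" if later_ok else "medium",
                       "detail": f"{n} failures from {ip} starting {first}" + (", then a success" if later_ok else "")})
    for user, c1, c2, t1, t2 in conn.execute(GEO_SQL, {"win": t.geo_window_min}):
        alerts.append({"rule": "impossible_travel", "entity": user, "severity": "high",
                       "detail": f"login from {c1} at {t1} and {c2} at {t2}"})
    for user, host, total, first in conn.execute(EXFIL_SQL, {"limit": t.exfil_bytes}):
        alerts.append({"rule": "large_transfer", "entity": user, "severity": "high",
                       "detail": f"{total} bytes to {host} since {first}"})
    conn.close()
    return alerts


if __name__ == "__main__":
    for a in run_detections():
        print(a["severity"].upper(), a["rule"], a["entity"], "-", a["detail"])
```

With the default thresholds the sample data yields three alerts (bob's burst, alice's two-country login, alice's 3 GB upload). Raising `failed_login_count` to 6 silences the burst alert, which is the noise-versus-miss trade-off the tuning of such rules is about: the thresholds are data, not code, so they can be iterated on without touching the queries.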
To make the system more interactive and accessible, we integrated an AI chatbot directly into the platform. The chatbot is powered by the same Gemini-based intelligence layer and is connected to our backend APIs, allowing it to answer questions about alerts, summarize incidents, and provide security recommendations in natural language. Users can ask questions such as “What caused this alert?” or “What should I do next?” and receive contextual, real-time responses grounded in actual system data. This transforms SentinelAI from a passive monitoring tool into an active security assistant that supports investigation and decision-making in real time.
To ensure the system is scalable and accessible beyond a local environment, we deployed the backend using Railway. Railway allows us to host the FastAPI server in the cloud with minimal configuration while managing environment variables securely for services like Snowflake, Gemini, and MongoDB. This deployment enables real-time API access from the frontend dashboard and chatbot, ensuring that users can interact with SentinelAI from anywhere while maintaining consistent performance and reliability.
Challenges we ran into
One of the main challenges was integrating multiple systems into a seamless pipeline. Ensuring that Snowflake, the backend, the AI model, and the frontend all communicated reliably required careful debugging and coordination. Small issues in data formatting or API communication could break the flow between components.
Another challenge was designing detection logic that produced meaningful alerts without creating too much noise. If thresholds were too strict, important threats could be missed, while loose thresholds could overwhelm the system with false positives. Finding the right balance required multiple iterations and testing.
We also faced challenges in structuring data for the AI model. Raw security logs are not inherently easy for an AI system to interpret, so we had to carefully format and provide context to ensure accurate and useful outputs. Additionally, ensuring consistent real-time behavior during demonstrations required precise control over timestamps and data flow to guarantee that alerts would trigger as expected.
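The hand-off to the reasoning layer described in "How we built it" and the formatting problem described just above, as an added example that is not SentinelAI's code: an alert, a capped slice of related events and the memory layer's prior incidents for the same entity are packed into an explicit structure, and the model's answer is accepted only if it is JSON with a known severity and recommended actions from an allowlist of things the backend can actually execute. The Gemini call itself is omitted so the block runs offline; `SAMPLE_REPLY` and `BAD_REPLY` stand in for model output, and the field names, the action allowlist and the memory records are constructed.

```python
"""Shaping an alert for the AI reasoning step, and validating what comes back.

Added example, not SentinelAI's code. The Gemini call itself is omitted so the
block runs offline; SAMPLE_REPLY and BAD_REPLY stand in for model output. The
field names, the action allowlist and the memory records are constructed.
"""
import json

ALLOWED_SEVERITIES = {"low", "medium", "high", "critical"}
# Only actions the backend can actually carry out may come back as recommendations.
ALLOWED_ACTIONS = {"notify_analyst", "require_mfa_reset", "disable_user", "block_ip"}

# Constructed memory-layer records (what a MongoDB collection might hold).
PAST_INCIDENTS = [
    {"username": "bob", "rule": "failed_login_burst", "outcome": "false_positive",
     "note": "broken password-manager entry kept retrying"},
    {"username": "alice", "rule": "large_transfer", "outcome": "confirmed",
     "note": "upload of customer export to personal storage"},
]

# A constructed alert in the shape the detection layer emits, plus its raw events.
SAMPLE_ALERT = {"rule": "failed_login_burst", "entity": "bob", "severity": "high",
                "detail": "5 failures from 198.51.100.7 starting 2024-05-01T10:00:00, then a success"}
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:00:00", "src_ip": "198.51.100.7", "success": False},
    {"ts": "2024-05-01T10:02:30", "src_ip": "198.51.100.7", "success": True},
]

# Constructed stand-ins for the text the model would return.
SAMPLE_REPLY = json.dumps({
    "explanation": "Five rapid failures then a success from one IP suggests a guessed password.",
    "root_cause": "credential compromise or brute force",
    "severity": "high",
    "actions": ["require_mfa_reset", "notify_analyst"],
})
BAD_REPLY = json.dumps({"explanation": "x", "root_cause": "y", "severity": "high",
                        "actions": ["wipe_workstation"]})


def build_context(alert: dict, events: list[dict], memory: list[dict], max_events: int = 20) -> dict:
    """Give the model a bounded, explicit structure instead of raw log text:
    the alert, a capped slice of related events, prior incidents for the same
    entity, and the exact vocabulary its answer must use."""
    history = [m for m in memory if m["username"] == alert["entity"]]
    return {
        "alert": alert,
        "related_events": events[:max_events],
        "prior_incidents": history,
        "answer_format": {
            "fields": ["explanation", "root_cause", "severity", "actions"],
            "severity_values": sorted(ALLOWED_SEVERITIES),
            "action_values": sorted(ALLOWED_ACTIONS),
        },
    }


def parse_reply(text: str) -> dict:
    """Accept a model answer only if it is JSON with every field present, a
    known severity and actions drawn from the allowlist; anything else is an
    error rather than something the backend would go on to execute."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"reply is not JSON: {exc}") from exc
    missing = [k for k in ("explanation", "root_cause", "severity", "actions") if k not in data]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    if data["severity"] not in ALLOWED_SEVERITIES:
        raise ValueError(f"unknown severity: {data['severity']!r}")
    actions = data["actions"]
    if not isinstance(actions, list) or not actions:
        raise ValueError("actions must be a non-empty list")
    unknown = sorted(set(actions) - ALLOWED_ACTIONS)
    if unknown:
        raise ValueError(f"unsupported actions: {unknown}")
    return {"explanation": str(data["explanation"]), "root_cause": str(data["root_cause"]),
            "severity": data["severity"], "actions": list(dict.fromkeys(actions))}


def analyze(alert: dict, events: list[dict], reply_text: str) -> dict:
    """One pass of the reasoning step: context out, validated verdict in. The
    prior incidents are attached so the analyst sees past outcomes beside the verdict."""
    ctx = build_context(alert, events, PAST_INCIDENTS)
    verdict = parse_reply(reply_text)
    verdict["prior_incidents"] = ctx["prior_incidents"]
    return verdict


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_ALERT, SAMPLE_EVENTS, SAMPLE_REPLY), indent=2))
```

The allowlist matters once recommendations are executed rather than merely displayed: a reply that names an action the backend does not know is rejected outright instead of being partially honoured, and the prior-incident record (here, a past false positive for the same user and rule) travels with the verdict so the context the model was given is visible to whoever reviews it.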
Accomplishments that we're proud of
We are proud of building a fully integrated system that goes beyond traditional detection tools. SentinelAI does not just identify threats, but also explains them, investigates their context, and provides actionable responses. Successfully connecting the data layer, backend, AI reasoning engine, and frontend into a unified pipeline was a major achievement.
We are also proud of transforming complex security data into clear, understandable insights. By making advanced cybersecurity analysis accessible and actionable, we created a system that demonstrates both technical depth and real-world usability.
What we learned
Through building SentinelAI, we gained valuable experience working with real-world security architectures and integrating multiple technologies into a cohesive system. We learned how to design and query large-scale data pipelines in Snowflake and how to structure data for efficient analysis.
We also developed a deeper understanding of how to use AI models for reasoning and decision-making rather than simple text generation. In addition, we improved our skills in backend development, system integration, and designing user-focused security tools that balance complexity with usability.
What's next for SentinelAI
SentinelAI is already capable of autonomously detecting, investigating, and executing real-world remediation actions in response to security threats. Moving forward, we plan to enhance its intelligence, scalability, and adaptability to operate in more complex and dynamic environments.
We aim to expand the system’s memory and learning capabilities so it can recognize recurring attack patterns, adapt to evolving threat behaviors, and continuously improve its decision-making over time. By strengthening this context-aware layer, SentinelAI will move closer to true adaptive security, where responses are not only automated but also optimized based on historical insights.
We also plan to integrate real-time streaming pipelines to support high-volume enterprise environments and reduce detection latency even further. In addition, we want to refine the AI reasoning engine to provide deeper forensic analysis, more precise risk scoring, and more granular response strategies tailored to different types of threats.
Ultimately, our goal is to evolve SentinelAI into a fully autonomous, self-improving security system that can operate at enterprise scale, reduce the burden on human analysts, and proactively defend against increasingly sophisticated cyber threats.