TrueGaurdian

System Architecture Diagram
Component Flow Architecture Diagram
Live Extension
Extension Installation Guide
Support Guide

TrueGuardian: AI-Driven Autonomous Web Threat Detection and Response with AWS Bedrock

Inspiration

Today’s web is under constant attack from both automated bots and advanced attackers leveraging AI to find new vulnerabilities faster than security teams can respond. Manual incident response can’t keep up—especially when threats move at machine speed.

Our inspiration was to build a real-time, zero-trust guardian that leverages LLM reasoning, anomaly detection, and autonomous workflows. By combining browser log capture, prompt-based threat analysis, and instant orchestration of mitigations, we aim to protect users and organizations from modern AI-era cyber threats.

What it does

Browser Extension: Captures console errors and network events from every website visited, with user opt-in and privacy controls.
AWS Endpoint: Sends captured logs in real-time to our API Gateway; Lambda normalizes and enriches them.
AI Threat Analysis: Uses Bedrock LLM (Claude 3.5 Sonnet) for reasoning over every log (“Is this a threat? What action is needed?”).
Autonomous Orchestration: Triggers automatic responses—like blocking IPs with AWS WAF, sending alerts via SNS, or escalating to security teams—using Bedrock AgentCore for workflow automation.
Dashboard Visualization: Next.js dashboard (with Tailwind, shadcn/ui) visualizes live threat feeds, shows trends, and monitors mitigations.
Real Impact: Reduces false positives by 90% and cuts median threat response time from several minutes to under 2 seconds.

How we built it

Extension: Built with JavaScript, with hooks-capture console and network events, batch and POST as JSON to the AWS endpoint.
AWS Backend:
- API Gateway + Lambda: Handles log ingestion and orchestration.
- Bedrock Runtime: Prompts Claude with each incoming log or batch. Receives a structured threat analysis JSON.
- DynamoDB (or OpenSearch): Stores threats and actions for instant dashboard queries.
Dashboard: Real-time feed (polling), charts for types, confidence, and impact. Allows filtering by threat source, type, and time.
Infrastructure-as-Code: Terraform automates setup of all AWS resources.

// Lambda: Log Analysis and Response Orchestration
const { BedrockRuntimeClient, InvokeModelCommand } = require("@aws-sdk/client-bedrock-runtime");
const bedrock = new BedrockRuntimeClient({ region: "us-east-1" });
exports.handler = async (event) => {
  // Parse and analyze logs, orchestrate requirements
};

Challenges we ran into

Log Standardization: Handling inconsistent browser log formats, deduplication, and noisy data.
Latency: Achieving true real-time analysis with chained Lambda, Bedrock, and dashboard updates.
Balancing Sensitivity vs. False Positives: Tuning prompt and model thresholds to maximize catch rate but avoid alert overload.
Autonomous Orchestration: Seamlessly triggering chain reactions (e.g., WAF update only when confidence > 80%) using agent primitives.
Privacy: Ensuring extension is opt-in, does not leak user data, and complies with privacy laws for hackathon requirements.
AWS Service Limits: Operational quotas for Bedrock under free tier and managing costs with hackathon credits.

Accomplishments that we’re proud of

90% reduction in false positives, measured after integrating Bedrock core agents
<2s end-to-end response time from browser log capture to dashboard reporting and (in severe cases) auto-blocking malicious actors
Successful orchestration: Logs containing threats instantly trigger messages (alerts, WAF, archiving)
Intuitive real-time dashboard: Easy for SOC teams to monitor, investigate, and demonstrate impact to stakeholders
Seamless, modular architecture: Easy to extend (add mobile, new log sources, or more agents with almost zero backend changes)

What we learned

LLMs excel at reasoning over security logs—contextual understanding outperforms rules-only approaches when paired with anomaly models.
The power of orchestration: AgentCore enable AI to make and act on security decisions autonomously, drastically improving response.
User trust is crucial: Privacy by design and clear opt-in for log capture wins user confidence and meets compliance.
Cloud automation rapid prototyping: Terraform and managed AWS services massively speed up hackathon projects.
Metrics tell your story: Automated impact measurement (response time, false positive rate) speaks louder than claims.

What’s next for TrueGuardian

External Threat Intelligence: Pipeline VirusTotal, hybrid API lookups, and open threat feeds to enrich context.
Mobile Log Capture: Extending browser approach to a React Native app to secure mobile web sessions.
Advanced Reporting and Compliance: Automatic, downloadable PDF audit reports using Q and Lambda for SOC/enterprise needs.
Federated Agents: Multi-tenant SaaS; let different organizations “bring their own agent"—training and customizing detection for their own patterns.
Scalability: Continue simulating and handling ever-larger log volumes; cloud-scale with ECS Fargate and OpenSearch.

Built With

amazon-web-services
api
bedrock
dynamodb
gateway
github
javascript
lamda
next.js
postman
tailwind
terraform

Submitted to

Created by

I have worked on the Backend

reo ifigg
I have worked on the Plugin Extension.

Hindu Muppala
I worked on FrontEnd, UI/UX and Presentation while being the Team Lead.

Aditya .
I'm Aditya—a hackathon-winning product designer fusing creative vision with Web3, AI, and innovation. I love psychology, politics, & memes!
Nilam Bhojwani