- π§ Overview
- π― Problem Statement
- β¨ Features
- 𧩠Architecture
- π³ Data Utilization & AI
- ποΈ Modules
- π₯ Demo
- π Getting Started
- π² Safety & Ethics
- π Directory Structure
- π§ Future Improvements
- πΈ Snapshots
- π References
Shield AI is an AI-powered cybersecurity system prototype designed to assist security analysts and IT teams. It enables faster, more intelligent threat detection and response through a user-friendly interface and AI-driven insights. This project aims to enhance security posture by leveraging Genkit and Large Language Models.
Modern cyber threats are increasing in volume and sophistication, often overwhelming security teams. Shield AI addresses this by:
- Providing AI-assisted analysis of threat data.
- Offering intelligent response suggestions for security incidents.
- Centralizing threat information and logs for efficient management.
- Reducing manual effort and time-to-response for security analysts.
- π Interactive Dashboard: Visualizes system status, active threats, security scores, and trends.
- π§ Data Lake (Threat Intelligence Aggregation): Central hub for users to input and get AI-powered summaries, risk assessments, and recommendations from aggregated cybersecurity data.
- π€ Real-time Defense (AI-Powered): Enables review of detected anomalies and uses AI (Genkit flow) to generate comprehensive response strategies.
- βοΈ Alert Configuration: Allows users to define custom thresholds and settings for triggering security alerts.
- π‘οΈ Data Protection: Implements secure protocols for handling sensitive cybersecurity data. (Note: Not GDPR-compliant yet).
- π Historical Threat Logs: Maintains a manageable log of resolved and ongoing risks with notes, facilitating quick diagnosis for recurrences.
Shield AI follows modern web application architecture:
- Frontend (User Interface):
- Built with Next.js (App Router), React, TypeScript.
- Styled with ShadCN UI components and Tailwind CSS.
- Hosted on Firebase App Hosting.
- Key Pages: Dashboard, Data Lake, Real-time Defense, Alert Configuration, Threat Logs.
- Backend Logic (Next.js Server):
- Utilizes Next.js Server Components and Server Actions for server-side rendering and data mutations.
- Handles API requests from the frontend.
- AI Orchestration (Genkit):
- Manages AI workflows defined in
src/ai/flows/. - Interfaces with AI models for tasks like summarization and suggestion.
- Manages AI workflows defined in
- AI Models (Google Gemini):
- Leverages large language models for natural language understanding, text generation, and structured data output.
- Data Flow (Example: Data Lake Analysis):
- User inputs data on Data Lake Page (UI) β Next.js Server Action β
summarizeThreatDataGenkit Flow β Google Gemini Model β Genkit Flow returns results β Next.js Server Action updates UI.
- User inputs data on Data Lake Page (UI) β Next.js Server Action β
Shield AI leverages Genkit and Google Gemini for its intelligent features:
- Threat Data Summarization (
summarizeThreatDataflow):- Processes aggregated cybersecurity data (logs, alerts).
- Generates a concise summary.
- Assesses the risk level (low, medium, high, critical).
- Provides actionable recommendations.
- Response Suggestion (
suggestResponseflow):- Takes details of a detected threat/anomaly as input.
- Suggests a detailed remediation strategy.
- Estimates the impact of the strategy.
- Lists required resources.
- Proposes a communication plan.
- Threat Briefing Generation (
generateThreatBriefingflow):- (Conceptual) Can generate comprehensive threat landscape briefings from provided data.
| Component/Module | Description |
|---|---|
src/app/(pages)/page.tsx |
Individual page components for UI (Dashboard, Data Lake, etc.) |
src/components/AppLayout.tsx |
Main application shell, sidebar navigation, and overall page structure. |
src/ai/genkit.ts |
Initializes and configures the Genkit AI framework with necessary plugins. |
src/ai/flows/*.ts |
Defines specific AI-powered workflows (e.g., summarizing data, suggesting responses). Each flow orchestrates calls to LLMs with defined inputs/outputs. |
src/app/globals.css |
Defines the global styling and ShadCN UI theme variables for the application. |
next.config.ts |
Configuration file for the Next.js framework. |
package.json |
Lists project dependencies and defines scripts for running/building the app. |
- Frontend: Next.js, React, TypeScript, ShadCN UI, Tailwind CSS, Recharts, Lucide React
- Backend/Server Logic: Next.js (Server Actions, Server Components)
- AI Orchestration: Genkit
- AI Models: Google Gemini (via
@genkit-ai/googleai) - Hosting: Firebase App Hosting
- Styling/UI: Inter Font, Minimalist Icons (Lucide)
- Theme Colors:
- Primary: Deep Blue (
#3F51B5) - Background: Light Gray (
#ECEFF1) - Accent: Teal (
#009688)
- Primary: Deep Blue (
A short demo video to guide through Shield AI:
[(shieldai_pikachu)](https:
- Node.js (v18 or newer recommended)
- npm or yarn
- Firebase CLI (for deployment, optional for local dev)
- Clone the repository (if applicable) or use the Firebase Studio environment.
- Install dependencies:
or
npm install
yarn install
- Environment Variables:
- Create a
.envfile in the root of the project. - Add any necessary environment variables, especially
GOOGLE_API_KEYfor Genkit to access Google AI Studio models:GOOGLE_API_KEY=your_google_ai_studio_api_key
- Create a
- Initialize Genkit (if running locally for development without Firebase emulators for Genkit):
- Genkit flows are typically started with a development server. Check
package.jsonfor scripts likegenkit:devorgenkit:watch. - Run in a separate terminal:
npm run genkit:dev
- Genkit flows are typically started with a development server. Check
npm run devThe application should now be running, typically on http://localhost:9002.
- AI as Assistant: AI-generated suggestions are intended for review and validation by security professionals, not as fully autonomous actions in the current prototype.
- Data Security: Focus on secure handling of sensitive data (though GDPR compliance is a future goal).
- User Control: Users maintain control over configurations and final actions based on AI recommendations.
shield-ai/
βββ src/
β βββ app/ # Next.js App Router: Pages and layouts
β β βββ (page-name)/page.tsx # Individual page components
β β βββ layout.tsx # Root layout
β β βββ globals.css # Global styles and ShadCN theme
β βββ components/ # Reusable React components
β β βββ ui/ # ShadCN UI pre-built components
β β βββ AppLayout.tsx # Main application shell/sidebar
β βββ ai/ # Genkit AI related files
β β βββ flows/ # Genkit flow definitions (e.g., summarize-threat-data.ts)
β β βββ genkit.ts # Genkit initialization
β β βββ dev.ts # Genkit development server entry point
β βββ lib/ # Utility functions (e.g., cn.ts)
β βββ hooks/ # Custom React hooks (e.g., use-toast.ts)
βββ public/ # Static assets
βββ .env # Environment variables (Gitignored)
βββ next.config.ts # Next.js configuration
βββ tailwind.config.ts # Tailwind CSS configuration
βββ tsconfig.json # TypeScript configuration
βββ package.json # Project dependencies and scripts
βββ README.md # This file
- Advanced automated response actions (with strict human oversight).
- Deeper integration with SIEM/SOAR tools.
- Achieve GDPR compliance for data handling.
- More sophisticated and customizable data visualizations.
- Enhanced AI memory for contextual understanding across sessions.
- Support for more data sources and automated ingestion.
Shield AI provides a clean, modern web interface for interacting with its cybersecurity features. Key views include:
- Dashboard: Overview of security posture with charts and key metrics.
- Data Lake: Interface for inputting raw threat data and receiving AI-driven analysis.
- Real-time Defense: Page to review anomalies and get AI-suggested response plans.
- Alert Configuration: Forms to customize alert thresholds.
- Threat Logs: Table-based view for managing historical incident logs. The UI uses a consistent theme based on deep blue, light gray, and teal, with a focus on clarity and ease of use.
This project builds upon a wide array of open-source tools, models, and libraries.
-
Quantum Sentinel β GPT-based security alert/log analysis
KOSASIH. Quantum Sentinel.
GitHub Repository -
RAG for Cybersecurity β Retrieve + generate cybersecurity insights from documents
Santos Omar. RAG for Cybersecurity Knowledge Retrieval.
GitHub Repository -
LLMFuzzer β LLM-based fuzzer for vulnerability discovery
mnns. LLMFuzzer: Fuzzing with LLMs.
GitHub Repository
-
AI-Enhanced Phishing Detection
melisasvr. AI-Enhanced Phishing Detection.
GitHub Repository -
AI Enhanced Phishing Detection
nagasaigudiwada. AI Enhanced Phishing Detection.
GitHub Repository -
Phishing URL Detector
ajaymahar. Phishing URL Detector.
GitHub Repository -
Phishing URL Detector
AnshGoyal-Tech. Phishing URL Detector.
[GitHub Repository]) (https://github.com/AnshGoyal-Tech/Phishing-URL-Detector
-
Anomaly-Based Intrusion Detection for IoT
rhish9h. IoT Security β Anomaly-Based Intrusion Detection System.
GitHub Repository -
Research Paper: Intrusion Detection System Based on Anomaly
sumododda. Intrusion Detection System (Final Paper).
PDF
-
IDS-CICIDS2017 β Detecting suspicious activity, attacks, and malware using ML
mohitwildbeast. IDS using CICIDS2017 Dataset.
GitHub Repository -
Simple IDS β A basic intrusion detection system
jashobeam. Simple IDS.
GitHub Repository