Inspiration

In the modern DevSecOps landscape, velocity often outpaces security. Developers ship code faster than security teams can audit it. Traditional SAST tools are noisy, flooding dashboards with false positives, while manual penetration testing is slow and expensive.

We were inspired by the concept of an "Autonomous Agent"—what if an AI could act as a senior security researcher? What if it didn't just flag a line of code, but explained how to exploit it, calculated the business risk, and wrote the patch for you? That question led to the birth of CipherScout.

What it does

CipherScout simulates a high-end, multi-day security audit in a matter of minutes. It guides the user through a three-phase "Kill Chain" workflow:

  1. Day 1: Reconnaissance & Ingestion: The system analyzes the target repository (via URL or upload), mapping attack surfaces, dependency trees, and data flow graphs.
  2. Day 2: The Hunt: It identifies critical vulnerabilities (OWASP Top 10) and leverages Google Gemini to perform a "Deep Dive." The AI explains the security impact, suggests mitigation strategies, and even generates theoretical exploit vectors (PoCs) to prove the risk.
  3. Day 3: Remediation: CipherScout auto-generates code patches. It presents them in a professional Diff Viewer, allowing developers to apply fixes with a single click.

How we built it

We built CipherScout as a modern, high-performance Single Page Application (SPA) focusing on a "Cyber/SecOps" aesthetic to make security feel immersive.

  • Core Engine: Built with React 19 and TypeScript for type-safe, robust logic.
  • AI Intelligence: We integrated the Google Gemini API (specifically the gemini-3-flash-preview model). We utilized advanced prompt engineering with responseSchema to force the AI to return structured JSON data (Confidence Scores, Exploit Vectors, Impact Analysis) instead of unstructured text.
  • UI/UX: We used Tailwind CSS with a custom configuration to achieve the dark-mode, neon-accented "hacker" visual style.
  • Visualization: Recharts was used to render real-time risk velocity and attack surface metrics.
  • Simulation Layer: To ensure a consistent and reliable demo experience without needing a heavy backend server to clone massive git repos, we implemented a deterministic simulation engine (auditService.ts). It hashes input URLs to generate consistent, reproducible "vulnerability findings" that look and feel real.

Challenges we ran into

  • Structured AI Outputs: Getting Large Language Models to strictly adhere to a JSON schema for UI integration was difficult. We solved this by using the responseMimeType: "application/json" configuration in the Gemini SDK and refining our system prompts.
  • Context Awareness: Initially, the AI analyzed vulnerabilities in a vacuum. We had to refactor the prompt logic to inject "Global Project Context" (Lines of Code, Dependency counts, Attack Surface scores) so the AI could assess risk more accurately (e.g., a vulnerability in a high-dependency project is riskier).
  • Visualizing Code Diffs: Building a custom "Diff Viewer" from scratch to highlight added/removed lines (+ green, - red) without using heavy external libraries required complex CSS grid logic.
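Requesting JSON with `responseSchema` and `responseMimeType` shapes the reply, but the client should still treat that reply as untrusted input before it reaches the UI. The validator below is an added example, not CipherScout's own code; the field names (`confidence`, `impact`, `exploitVector`, `mitigation`), the 0 to 1 confidence range and the length cap are assumptions based on the fields listed above.

```typescript
// Added example: field names and limits are assumptions, not CipherScout's schema.
interface DeepDive {
  confidence: number; // assumed range 0..1
  impact: string;
  exploitVector: string;
  mitigation: string;
}
interface ParseResult { value: DeepDive | null; error: string | null }

const ALLOWED = ["confidence", "impact", "exploitVector", "mitigation"];
const MAX_TEXT = 4000; // assumed cap so an oversized reply cannot flood the UI

function fail(error: string): ParseResult {
  return { value: null, error };
}

// Returns the field if it is a non-empty, bounded string; otherwise null.
function textField(obj: Record<string, unknown>, name: string): string | null {
  const v = obj[name];
  return typeof v === "string" && v.trim() !== "" && v.length <= MAX_TEXT ? v : null;
}

function parseDeepDive(raw: string): ParseResult {
  let data: unknown;
  try {
    data = JSON.parse(raw);
  } catch (e) {
    return fail("reply is not valid JSON");
  }
  if (typeof data !== "object" || data === null || Array.isArray(data)) {
    return fail("reply is not a JSON object");
  }
  const obj = data as Record<string, unknown>;
  for (const key of Object.keys(obj)) {
    // Reject extra keys rather than passing them on to components.
    if (ALLOWED.indexOf(key) === -1) return fail("unexpected field: " + key);
  }
  const c = obj["confidence"];
  if (typeof c !== "number" || !isFinite(c) || c < 0 || c > 1) {
    return fail("confidence must be a number between 0 and 1");
  }
  const impact = textField(obj, "impact");
  const exploitVector = textField(obj, "exploitVector");
  const mitigation = textField(obj, "mitigation");
  if (impact === null || exploitVector === null || mitigation === null) {
    return fail("impact, exploitVector and mitigation must be non-empty strings");
  }
  return { value: { confidence: c, impact, exploitVector, mitigation }, error: null };
}

// Constructed sample replies (not real model output).
const GOOD_REPLY = '{"confidence":0.82,"impact":"Customer records readable","exploitVector":"Unsanitised id parameter","mitigation":"Use parameterised queries"}';
const BAD_REPLY = '{"confidence":"high","impact":"x","exploitVector":"y","mitigation":"z"}';
```

Validated strings should still be rendered as plain text (React escapes string children in JSX by default), never injected as HTML.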

Accomplishments that we're proud of

  • The "Deep Dive" Feature: Clicking the AI Analysis button and watching Gemini break down a complex SQL Injection into understandable business risks and exploit payloads feels magical.
  • Immersive UX: The transition between "Day 1 Scanning" and "Day 2 Hunting" with the progress bars and terminal logs creates a compelling narrative that gamifies the boring task of auditing.
  • Robust Error Handling: We built a resilience layer that handles API rate limits and network failures gracefully, ensuring the app never crashes during a demo.

What we learned

  • Prompt Engineering is an API: We learned that treating English prompts as strict API contracts (using Schemas) is the future of AI software development.
  • Security Context Matters: A vulnerability isn't just code; it's context. Passing metadata about the repo size and complexity to the AI resulted in significantly higher quality insights.

What's next for CipherScout

  • Real-time GitHub Integration: Moving from simulation to actual git clone operations using a backend worker.
  • Automated PRs: Allowing the "Apply Patch" button to actually open a Pull Request on GitHub.
  • Agentic Workflows: Allowing the AI to "ask" to inspect other files to confirm whether a vulnerability is reachable.
