Inspiration

The OWASP community offers an enormous amount of valuable material, but the sheer volume makes it difficult for newcomers to find what they need. Many students and early-career developers want to contribute to open security projects but struggle to understand where to start. The inspiration behind Nest AI was to remove this barrier by making OWASP’s ecosystem as easy to explore as having a conversation. The goal was simple: turn a highly technical environment into something anyone can navigate, no matter their background.

What it does

Nest AI provides a natural language interface for discovering real-time OWASP resources. Users can ask plain-English questions like “Show me events near me” or “What Python projects can I contribute to?” and receive interactive cards that summarize projects, issues, contributors, chapters, and events. The system pulls live data through the OWASP Nest API, analyzes queries with an AI model, and presents everything in a clean, intuitive UI. It essentially works as a personal guide to the entire OWASP ecosystem.

How we built it

The project is built on a three-layer architecture:

  1. AI layer: A HuggingFace Llama model handles intent detection, structured responses, and natural language understanding.

  2. MCP middleware: A custom Model Context Protocol (MCP) server abstracts OWASP Nest API calls into semantic tools such as nest_get_projects, nest_get_events, and nest_get_issues. This removes the need for users to understand API endpoints or parameters.

  3. Frontend & UI: A Next.js interface renders the final results using animated, interactive cards (Framer Motion), Tailwind for styling, and TypeScript for type safety.

User queries flow from the UI → AI model → MCP server → OWASP Nest API → back to the user as structured cards.
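
One way the MCP middleware could check the model's tool selection before anything reaches the OWASP Nest API, shown as an added example that is not Nest AI's own code. Only the three tool names come from this page; the argument names, patterns, and limits are assumptions.

```typescript
// Added example, not Nest AI's code. Only the three tool names come from the
// page; argument names (language, location, label, limit) are assumptions.
type Check = (v: unknown) => boolean;

const shortText: Check = (v) => typeof v === "string" && /^[\w .+#-]{1,40}$/.test(v);
const pageSize: Check = (v) => typeof v === "number" && Number.isInteger(v) && v >= 1 && v <= 50;

// Allowlist: tool name -> permitted argument names and their validators.
const TOOLS: Record<string, Record<string, Check>> = {
  nest_get_projects: { language: shortText, limit: pageSize },
  nest_get_events: { location: shortText, limit: pageSize },
  nest_get_issues: { language: shortText, label: shortText, limit: pageSize },
};

interface ToolCall {
  tool: string;
  args: Record<string, string | number>;
}

const own = (obj: object, key: string): boolean => Object.prototype.hasOwnProperty.call(obj, key);

// Treat the model's text as untrusted input: parse it, then reject any tool
// or argument that is not explicitly allowlisted.
function parseToolCall(modelOutput: string): ToolCall {
  let parsed: unknown;
  try {
    parsed = JSON.parse(modelOutput);
  } catch {
    throw new Error("model output is not JSON");
  }
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
    throw new Error("tool call must be a JSON object");
  }
  const { tool, args = {} } = parsed as { tool?: unknown; args?: unknown };
  // Own-property check so names like "constructor" never resolve via the prototype.
  if (typeof tool !== "string" || !own(TOOLS, tool)) throw new Error("unknown tool");
  if (typeof args !== "object" || args === null || Array.isArray(args)) {
    throw new Error("args must be an object");
  }
  const schema = TOOLS[tool];
  const clean: Record<string, string | number> = {};
  for (const [key, value] of Object.entries(args as Record<string, unknown>)) {
    if (!own(schema, key)) throw new Error(`unexpected argument: ${key}`);
    if (!schema[key](value)) throw new Error(`invalid value for ${key}`);
    clean[key] = value as string | number;
  }
  return { tool, args: clean };
}
```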

Challenges we ran into

  • Real-time data formatting: OWASP’s API returns diverse, sometimes inconsistent structures. Normalizing them for AI consumption and card rendering required careful design.
  • Tool-based reasoning: Ensuring the model reliably selected the correct MCP tools took significant prompt engineering and testing.
  • Maintaining privacy: The system needed to accept user-provided API keys without storing them, which required a secure client-side configuration flow.
  • UI complexity: Interactive card animations and responsive layouts demanded extra optimization to keep the interface smooth.
  • Bridging multiple systems: Coordinating Next.js, the MCP server, HuggingFace inference, and live OWASP endpoints introduced many moving parts.

Accomplishments that we're proud of

  • A fully functioning conversational interface powered by live OWASP data.
  • A clean abstraction layer that turns complex API operations into human-friendly tools.
  • An intuitive UI that lowers the barrier to cybersecurity learning and contribution.
  • A privacy-first design using user-owned API keys.
  • Real use cases, such as beginner-friendly issue discovery and personalized event searching.

What we learned

  • How MCP can be used to transform raw APIs into semantic tools an AI model can reason about.
  • The importance of structured response formats for consistent UI rendering.
  • How to design prompts that guide AI behavior across multiple downstream calls.
  • Practical challenges of combining real-time data, AI reasoning, and a modern web interface.
  • The value of accessibility in technical communities — small improvements can drastically help newcomers.

What's next for Nest-AI

  • Adding conversation history and saved searches for a more personalized experience.
  • More fine-grained filtering (framework, language, difficulty, region).
  • Notification systems for new issues, events, or contributions.
  • Multi-language support for global accessibility.
  • Export features (PDF, CSV, JSON) for research and documentation needs.
  • Bringing Nest AI to mobile devices for on-the-go exploration.
  • Smarter recommendations based on a user’s interests, skill set, and past queries.

Nest AI is designed to keep evolving as the OWASP ecosystem grows, with the long-term goal of becoming the easiest, most accessible way to navigate application security resources.
