Inspiration
SentinelOps was inspired by the increasing sophistication of cloud security threats combined with the critical shortage of cybersecurity professionals. The project aims to create an autonomous system that can detect, analyze, and remediate security incidents at machine speed while maintaining the judgment quality of human experts.
What it does
SentinelOps is a multi-agent security platform built on Google's Agent Development Kit (ADK) that:
- Continuously monitors cloud environments for security threats
- Autonomously analyzes potential incidents using Google Gemini
- Recommends and implements appropriate remediation actions
- Documents the entire incident response process
- Provides human-readable explanations for all decisions
How I built it
The system uses a multi-agent architecture with distinct agents:
- Orchestrator Agent: Coordinates workflows and ensures proper sequencing
- Detection Agent: Monitors logs and security feeds for anomalies
- Analysis Agent: Performs detailed investigation of potential threats
- Remediation Agent: Implements security measures
- Communication Agent: Notifies stakeholders and generates reports

The implementation leverages:
- Google's Agent Development Kit (ADK) for agent orchestration
- Google Gemini API for AI reasoning capabilities
- Google Cloud services (BigQuery, Pub/Sub, Firestore, Cloud Functions)
- FastAPI for API interfaces
- Real GCP services for testing (explicit policy against mocking)
Challenges I ran into
Major challenges included:
- Creating effective collaboration between autonomous agents without conflicts
- Building safeguards to prevent inappropriate remediation actions
- Developing transparent explanations for complex security decisions
- Implementing reliable state management for incident response workflows
- Ensuring security of the security system itself
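To make the agent sequencing and the remediation safeguard concrete, here is an added example that is not SentinelOps or ADK code. It models the Detection, Analysis and Remediation agents as plain functions driven by an orchestrator, with a gate in front of every remediation that allowlists actions, holds destructive ones until a named human approves them, and writes an audit entry for each decision. The event shape, the agent names, the action names and the severity rule are assumptions made for this example; the real system delegates the analysis step to Gemini.

```python
"""Illustrative detect -> analyze -> gate -> remediate pipeline.
Added example, not SentinelOps or ADK code; the event format, agent
names, action names and the policy below are assumptions."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Severity(Enum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass
class Finding:
    principal: str
    detail: str
    severity: Optional[Severity] = None
    proposed_action: Optional[str] = None
    status: str = "open"                        # open | remediated | held | blocked
    audit: list = field(default_factory=list)   # every decision is recorded here


# Constructed sample events in a simplified audit-log shape (not real data).
SAMPLE_EVENTS = [
    {"principal": "sa-deploy@example.iam", "method": "SetIamPolicy", "role": "roles/owner"},
    {"principal": "alice@example.com", "method": "storage.objects.get", "role": ""},
    {"principal": "sa-ci@example.iam", "method": "SetIamPolicy", "role": "roles/viewer"},
]

# Safeguard policy (assumed): actions the system may take at all, and those
# that need a named human approver before they run. Anything else is blocked.
ALLOWED_ACTIONS = {"notify_only", "revoke_grant", "disable_service_account"}
NEEDS_APPROVAL = {"disable_service_account"}


def detection_agent(events):
    """Flag IAM policy changes; other events are ignored in this example."""
    return [
        Finding(principal=e["principal"], detail=f"{e['method']} granted {e['role']}")
        for e in events
        if e["method"] == "SetIamPolicy"
    ]


def analysis_agent(finding):
    """Assign severity and propose an action using a fixed rule; the real
    system delegates this reasoning step to an LLM."""
    if "roles/owner" in finding.detail:
        finding.severity = Severity.HIGH
        finding.proposed_action = "disable_service_account"
    else:
        finding.severity = Severity.MEDIUM
        finding.proposed_action = "notify_only"
    finding.audit.append(
        f"analysis: severity={finding.severity.name} action={finding.proposed_action}"
    )
    return finding


def remediation_gate(finding, approver=None):
    """Return True only when the proposed action is allowlisted and, if it
    requires approval, a human approver has been recorded."""
    action = finding.proposed_action
    if action not in ALLOWED_ACTIONS:
        finding.status = "blocked"
        finding.audit.append(f"gate: '{action}' not allowlisted, blocked")
        return False
    if action in NEEDS_APPROVAL and approver is None:
        finding.status = "held"
        finding.audit.append(f"gate: '{action}' needs human approval, held")
        return False
    who = f" by {approver}" if approver else " (autonomous)"
    finding.audit.append(f"gate: '{action}' approved{who}")
    return True


def remediation_agent(finding):
    """Simulate the action and record it; no cloud API calls are made here."""
    finding.status = "remediated"
    finding.audit.append(
        f"remediation: executed {finding.proposed_action} for {finding.principal}"
    )
    return finding


def orchestrate(events, approvals=None):
    """Sequence the agents; `approvals` maps principal -> approver name."""
    approvals = approvals or {}
    results = []
    for finding in detection_agent(events):
        analysis_agent(finding)
        if remediation_gate(finding, approver=approvals.get(finding.principal)):
            remediation_agent(finding)
        results.append(finding)
    return results


if __name__ == "__main__":
    for f in orchestrate(SAMPLE_EVENTS, approvals={"sa-deploy@example.iam": "oncall-analyst"}):
        print(f.principal, f.status, f.audit)
```

Run without an approvals map and the owner-grant finding stays `held` with the reason in its audit trail, while the lower-severity finding is handled autonomously; supply an approver for the principal and the same finding proceeds to remediation with the approver's name recorded. The gate is the only place that decides whether an action runs, which keeps the safeguard reviewable in one spot regardless of what the analysis step proposes.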
Accomplishments that I'm proud of
Key achievements include:
- A functioning multi-agent security system with clear separation of concerns
- Workflow management that can handle complex security incident responses
- Integration with Google Cloud security services
- Transparent, explainable AI decisions for all security actions
- Rigorous testing with real cloud services (strict no-mocking policy)
What I learned
The project provided insights into:
- Designing collaborative AI systems with specialized agents
- Implementing Google's Agent Development Kit for practical applications
- Building safeguards for autonomous security systems
- Creating explainable AI for security decision-making
- Implementing complex state management for long-running workflows
What's next for SentinelOps
Future development plans include:
- Adding specialized agents for compliance monitoring and threat hunting
- Enhancing adaptive learning capabilities based on past incidents
- Expanding support to multi-cloud environments
- Developing integration with popular SIEM platforms
- Creating a library of security playbooks for common incident types
Built With
- bigquery
- fastapi
- firestore
- google-cloud
- googleadk
- googlegemini
- iam
- kubernetes
- langchain
- opentelemetry
- pubsub
- python
- secretmanager
- terraform
- vpc