CyberCanary

Using AI analysis, we can pinpoint relevant threats to your tech stack, eliminating exploit reuse. Instantly react to new cybersecurity developments before threat actors use threats against you.

⚠️ Warning: This blog post was originally written for a Hackathon and was done with a partner.

Inspiration

60% of cybersecurity incidents exploit known vulnerabilities (1), and the average vulnerability does not get patched until over 200 days after it is discovered (2). The cybersecurity war is not over our ability to combat exploits, but over the speed at which we can discover vulnerabilities and take preventive measures against them. However, with over 560,000 cyber threats being discovered daily (3), it’s nearly impossible to keep up to date with the specific vulnerabilities that affect your stack. CyberCanary aims to close the gap between when a threat is first discovered and when it is patched. Using a stream of intel from social media, articles, websites, and more, we can actively filter for the most useful insights to protect a company based on its unique technical stack, vulnerability surface, and structure. Using AI analysis, we can pinpoint relevant threats, eliminating the time that a typical newsfeed scan of cyber threats wastes on irrelevant vulnerabilities, and significantly improve the safety of our cyberspace.

What it does

CyberCanary gets streams of new articles, social media posts, and websites and identifies cybersecurity-related news. Then, through the use of AI, cybersecurity threats are extracted from these sources, curating a list of new and potentially dangerous vulnerabilities. Clients can create any number of projects on the CyberCanary website, where a simple title and description of the project’s stack will be processed and compared using AI against new threats. If the AI determines that a new threat is relevant to the client’s project, then we generate a report, and the client will be notified that there is a new cybersecurity threat to their systems, along with next steps, and resources to tackle the problem.

How we built it

The website was largely built with Python and HTML, using Flask as the web framework. On the backend, we used multithreaded Python code to process incoming threats, Llama 3.3 70b as our AI model, and PostgreSQL as our database. To gather sources of new threats, we used RSS feeds from several large news sources and a stream of every post from Bluesky, a popular social media platform used by many cybersecurity researchers.
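A deterministic pre-filter for the feed-to-project matching described above, as an added example that is not CyberCanary's own code: it substitutes whole-word component matching for the project's AI comparison, so that only feed items naming a stack component would go on to the model. The feed, the placeholder CVE IDs, the comma-separated stack string and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample feed: not real advisories, and the CVE IDs are placeholders.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Constructed security feed</title>
<item><title>Flask session handling flaw (CVE-0000-00001)</title>
<description>Affects Flask apps behind PostgreSQL-backed session stores.</description></item>
<item><title>Conference schedule announced</title>
<description>Talks on django and cargo tooling.</description></item>
<item><title>Router firmware bug CVE-0000-00002</title>
<description>Consumer routers only.</description></item>
</channel></rss>"""

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)
TOKEN_RE = re.compile(r"[a-z0-9+#]+")


def tokens(text):
    """Lower-cased whole-word tokens, so 'go' does not match inside 'cargo'."""
    return set(TOKEN_RE.findall(text.lower()))


def parse_items(rss_xml):
    """Yield (title, description) for each <item> of an RSS 2.0 document.

    Feeds are untrusted input; for real feeds a hardened parser such as
    defusedxml is the safer choice than the standard-library one used here.
    """
    root = ET.fromstring(rss_xml)
    for item in root.iter("item"):
        yield item.findtext("title", ""), item.findtext("description", "")


def triage(rss_xml, stack):
    """Return the feed items that name at least one component of the stack.

    `stack` is assumed to be a comma-separated component list, e.g.
    "Flask, PostgreSQL, Go" (a hypothetical input format for this example).
    """
    wanted = tokens(stack)
    hits = []
    for title, desc in parse_items(rss_xml):
        text = f"{title} {desc}"
        matched = sorted(wanted & tokens(text))
        if matched:
            cves = sorted({c.upper() for c in CVE_RE.findall(text)})
            hits.append({"title": title, "components": matched, "cves": cves})
    return hits
```

Items that pass `triage` are the candidates for the model-based relevance check; everything else is dropped without spending an inference call.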

Challenges we ran into

Some challenges we faced were with getting the database onto both of our computers, so we could both work on implementing our functionalities. Sharing the same database of social media, website, and article information on both of our computers, such that changes to one could be reflected in the other, took time and effort to figure out. One other specific challenge we ran into was when the initial databases (filled with dummy data) were created on the frontend side using SQLite3, but the database filled with real data was created on the backend side in PostgreSQL. As a result, we had to convert all of our tables to PostgreSQL to match, a process that went smoothly overall but definitely was not a foreseen complication. Also, hosting the AI model was a challenge due to restricted permissions on our GPU server, and issues with frequent resets of the server. Long story short, the only way for us to connect to the Llama server is via a reverse SSH port forward from the server into our laptop exposing SSH to the public internet.

Accomplishments that we’re proud of

As a whole, this project is an accomplishment we’re very proud of. Not only did CyberCanary reach or exceed every goal we set at the start of the project, but the learning process was definitely something that we’re both proud to have done. Some specific accomplishments include the integration of an AI model into our project, the creation and use of a database, and the development of the website’s UI and appearance. All of these are tasks that one or both of us were new to, and consequently accomplishments that we learned the most from.

What we learned

We’ve both learned a lot from this project. Going into this, our frontend developer had never worked with Flask or any database at all, and our backend developer had never attempted to use AI in a project. We’ve come leaps and bounds from even the first day of hacking, and it’s been a transformative experience for us as both coders and people. We’re learning how to create user authentication systems, and simultaneously how to schedule our breaks to save the most time. We’re limit-testing our ability to crunch tasks under time and pressure, and also what the human limit of caffeine-powered productivity is. We definitely came away from this Hackathon with a lot more than either of us expected, and we’re proud of what we’ve learned and accomplished in these 3 days.

What’s next for CyberCanary

CyberCanary is definitely a project that we both see having a bright future. There’s a practical market, and there’s so much room for CyberCanary to grow, and so many incredible features we brainstormed without the time or means to implement. As amazing as CyberCanary is, it can be so much greater, and that high ceiling is what makes us both so optimistic about its future. Some specific features you might look forward to seeing: scraping more social media platforms, websites, and articles, a much more secure multi-factor authentication system for client log-in, a system to classify threats and group them for easier assignment to relevant projects, and a way to anonymize clients in our system entirely, such that CyberCanary does not keep any sensitive information at all.