AEGIS: AI-Enhanced Guardian Intelligence System

AEGIS is an automated security system for DeFi protocols. We built AI-powered circuit breakers that detect threats and pause protocols before funds get drained. The problem we're solving is response time. DeFi loses over $3 billion a year to exploits, and the reason is simple, by the time anyone notices an attack, the money is already gone. The Euler hack took 13 minutes to drain $197 million. Ronin lost $625 million and nobody even noticed for 6 days.
We fix this with three AI sentinels that monitor protocols around the clock. One watches liquidity and TVL changes to catch flash loan attacks. Another compares on-chain prices against Chainlink feeds to spot manipulation. The third monitors governance for malicious proposals. Every 30 seconds, they analyze the protocol state and vote on whether there's a threat. When 2 out of 3 sentinels agree something is critically wrong, the circuit breaker triggers automatically. No human in the loop, no committee to convene, no delays. The protocol pauses and the threat gets logged on-chain.
The difference between us and existing security tools is that we actually do something about threats. Forta and others will tell you there's a fire. We trigger the sprinklers. Everything runs through Chainlink's decentralised network so the protective actions are verifiable and trustless.

The system has four main layers. Smart contracts handle the on-chain logic, written in Solidity using Foundry and OpenZeppelin. We deployed CircuitBreaker, SentinelRegistry, ThreatReport, a VRF consumer, and an AlertReceiver on Base Sepolia.
The AI layer runs Python with CrewAI and Claude. Three specialised agents analyse protocol data in parallel and each votes on the threat level. We exposed this through a FastAPI server that the Chainlink workflows call.
For the orchestration layer, we wrote 5 CRE workflows in TypeScript. The main one runs every 30 seconds, reads TVL and prices from the chain, calls our AI API, and triggers the circuit breaker if the sentinels reach critical consensus. Other workflows handle cross-chain CCIP alerts, VRF tie-breaking, forensics, and health monitoring.
The frontend is React with Vite and Tailwind. It shows real-time monitoring status and has a demo that replays the Euler hack step by step so you can watch AEGIS detect the attack.