A Multi-Agent LLM-based Cybersecurity Copilot for SOC Teams
SEC-COPILOT integrates LLMs with real-time threat intelligence and role-specific multi-agent reasoning (Attacker, Defender, Intel Analyst, Decider, Toolsmith).
It helps SOC teams reduce alert fatigue, investigate incidents, and generate step-by-step defense strategies — inside a ChatGPT-style web UI.
✨ Features
- 🔐 JWT Authentication (signup, login, logout)
- 💬 Chat Conversations (saved in MongoDB, organized by folders/history)
- 🧑🤝🧑 Multi-Agent System:
  - Attacker → simulates adversary behavior
  - Defender → mitigations and response
  - Intel Analyst → gathers context (Reddit, StackOverflow, APIs)
  - Toolsmith → suggests tools/scripts
  - Decider → final recommendations
- 📑 Trace Mode → shows agent reasoning (step logs, tool calls)
- 🎨 Modern Web UI → bubble chat, typing indicators, folders/history sidebar
- 🗄️ MongoDB Storage → users, conversations, messages, traces
- 🐳 Dockerized Deployment → run API + MongoDB + UI in one command
🛠️ Tech Stack
- Frontend:
  - HTML, CSS, Vanilla JS
  - LocalStorage for session/token
  - ChatGPT-like UI with folders & trace panel
- Backend:
  - FastAPI (Python 3.12)
  - JWT Auth (python-jose, passlib/bcrypt)
  - Orchestrator for multi-agent reasoning
- Database:
  - MongoDB (async with Motor driver)
- Deployment:
  - Docker + Docker Compose
  - uv (dependency manager)
📂 Project Structure
```text
sec-copilot/
├── app/
│   ├── api/routers/       # FastAPI routers (auth, chat, data)
│   ├── orchestrator/      # Agents: planner, defender, attacker, etc.
│   ├── security/          # JWT, password hashing
│   ├── ui/web/            # Frontend (HTML, CSS, JS)
│   ├── db.py              # MongoDB connection + init_db
│   ├── main.py            # FastAPI entrypoint
│   └── models.py          # Data models (user, conversation, message, trace)
├── .env                   # Environment variables
├── requirements.txt       # Python dependencies (if not using uv)
├── docker-compose.yml     # Dev environment (API + Mongo)
└── README.md              # Documentation
```
⚙️ Setup Instructions
Clone the repository and install dependencies:
```bash
git clone https://github.com/YOUR_USERNAME/sec-copilot.git
cd sec-copilot
uv sync   # or: pip install -r requirements.txt
```
Create a .env file in the project root:
```env
MONGODB_URI=mongodb://127.0.0.1:27017
MONGODB_DB=sec_copilot
JWT_SECRET=super_secret_key_here
JWT_ALGORITHM=HS256
JWT_EXPIRE_MINUTES=10080
```
Start MongoDB and the API (Docker Compose), or run the API directly with uvicorn:
```bash
docker-compose up --build
uv run uvicorn app.main:app --reload --port 8000
```
Visit the UI → http://localhost:8000
🧪 Testing
- ✅ Unit tests for agents & policies
- ✅ API contract tests with FastAPI TestClient
- ✅ End-to-end: login → chat → save trace → reload conversation
Run:
```bash
pytest -v
```
🚀 Roadmap
- JWT auth system
- Multi-agent orchestration skeleton
- MongoDB persistence for conversations
- UI with folders/history + trace toggle
- Threat intel API connectors (Reddit, StackOverflow)
- Simulation mode (attacker vs defender "game")
- Cloud deployment (Kubernetes + Mongo replicaset)
- Role-based access control (admin vs analyst)
👥 Contributors
- Harshith B — Project Lead (BE CSE @ BMSCE)
- Aashirvaad Kumar S
- Govind Jairam Rathod
📜 License
This project is licensed under the --- License — see LICENSE for details.