collynce

Sentinel Nexus: AI-Powered Threat Intelligence Platform

This is a submission for the Bright Data Real-Time AI Agents Challenge


What I Built

I built a modular, agentic threat intelligence platform that demonstrates the full potential of AI agents with real-time web access:

Sentinel Nexus – An autonomous, LLM-powered threat intelligence system that continuously discovers, accesses, extracts, and interacts with security threats across the open web, dark web, and social media. It is architected for extensibility and real-world impact, solving the core challenges of speed, access, and accuracy in threat detection.

BrightData MCP Python – A custom MCP server implementation that enables seamless integration with Bright Data's infrastructure, providing robust browser automation, protection bypass, and structured data extraction capabilities specifically designed for threat intelligence gathering.


Core Problem Solved

Traditional threat intelligence platforms are slow, siloed, and struggle to access protected or dynamic sources. They rely on manual workflows, miss emerging threats, and suffer from high false positive rates.

Sentinel Nexus bridges this gap by combining:

  • Real-time web monitoring via Bright Data's MCP
  • Modular, agentic workflows orchestrated by Google ADK
  • Automated, LLM-driven extraction and analysis
  • Dynamic tool injection and robust error handling

Screenshots

[Screenshots: Dashboard, Threats view, Reports]

Project Structure

Sentinel Nexus

sentinel/
├── backend/
│   ├── app/
│   │   ├── agents/
│   │   │   └── threat_analysis/
│   │   │       ├── __init__.py
│   │   │       ├── agent.py
│   │   │       ├── prompt.py
│   │   │       ├── prompts.py
│   │   │       ├── tools.py
│   │   │       ├── utils/
│   │   │       └── sub_agents/
│   │   │           ├── discoverer/
│   │   │           ├── monitor_social_media/
│   │   │           ├── scrape_website/
│   │   │           ├── search_news/
│   │   │           ├── synthesizer/
│   │   │           └── threat_analysis/
│   │   ├── services/
│   │   ├── api/
│   │   ├── core/
│   │   └── models/
│   ├── requirements.txt
│   └── ...
├── frontend/
│   ├── components/
│   ├── pages/
│   ├── layouts/
│   ├── assets/
│   ├── app.config.ts
│   ├── nuxt.config.ts
│   └── ...
└── ...


MCP Server

brightdata-mcp/
├── server.py
├── browser_tools.py
├── browser_session.py
├── requirements.txt
└── README.md

How I Used Bright Data's Infrastructure

Sentinel Nexus is architected to deeply leverage Bright Data's capabilities through its MCP server integration, enabling AI agents with comprehensive web access across all four key actions:

1. Discover

Agent: DiscovererAgent

Prompt: Uses the MCP-injected search_engine tool to perform real-time, multi-engine searches (Google, Bing, Yandex) for news, forums, and social media sources.

Workflow:

  • Analyze the query and context
  • Formulate targeted search strategies
  • Call search_engine for each category
  • Output structured, categorized discoveries for downstream agents

2. Access

Agents: ScrapeWebsiteAgent, SearchNewsAgent, MonitorSocialMediaAgent

Prompt: Instructed to use MCP-injected Web Unlocker and browser automation tools to bypass CAPTCHAs, anti-bot measures, and geo-restrictions, and to manage sessions.

Workflow:

  • Automatically select static or dynamic extraction based on site complexity
  • Use proxy rotation and session management for stealth
  • Handle forbidden/proxy errors gracefully

3. Extract

Agents: ScrapeWebsiteAgent, SearchNewsAgent, MonitorSocialMediaAgent

Prompt:

  • Selects the most appropriate MCP tool for the content type and site structure (scrape_as_markdown, scrape_as_html, web_data_x_posts, etc.)
  • Fallback logic: If one tool fails, try the next (static → dynamic extraction)
  • Outputs structured JSON with metadata about the extraction process
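
The fallback chain and structured output described above, as an added example that is not code from the Sentinel Nexus repository. The three tool functions are constructed offline stand-ins; `dynamic_browser_fetch`, the `Tool` tuple and the output field names are assumptions for illustration.

```python
import json
from typing import Callable, List, Tuple

# (tool name, extraction mode, callable taking a URL and returning text)
Tool = Tuple[str, str, Callable[[str], str]]


def extract_with_fallback(url: str, tools: List[Tool]) -> dict:
    """Try each tool in order; return the first usable result plus an audit trail."""
    attempts = []
    for name, mode, fetch in tools:
        try:
            content = fetch(url)
            if not content or not content.strip():
                raise ValueError("empty response body")
        except Exception as exc:  # a failing tool must not abort the pipeline
            attempts.append({"tool": name, "mode": mode, "ok": False,
                             "error": f"{type(exc).__name__}: {exc}"})
            continue
        attempts.append({"tool": name, "mode": mode, "ok": True, "error": None})
        return {"url": url, "status": "ok", "tool_used": name, "mode": mode,
                "content": content, "attempts": attempts}
    return {"url": url, "status": "failed", "tool_used": None, "mode": None,
            "content": None, "attempts": attempts}


# --- Constructed stand-ins for MCP tools (no network access) ---
def scrape_as_markdown(url: str) -> str:
    raise PermissionError("403 Forbidden")  # simulated block on static fetch

def scrape_as_html(url: str) -> str:
    return "   "  # simulated empty shell of a JavaScript-rendered page

def dynamic_browser_fetch(url: str) -> str:  # hypothetical name, not from the page
    return "# Advisory\nConstructed sample text rendered by a browser session."


PIPELINE: List[Tool] = [
    ("scrape_as_markdown", "static", scrape_as_markdown),
    ("scrape_as_html", "static", scrape_as_html),
    ("dynamic_browser_fetch", "dynamic", dynamic_browser_fetch),
]

def demo() -> dict:
    return extract_with_fallback("https://example.com/advisory", PIPELINE)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The `attempts` list records every tool tried and why it failed, which lets an analyst judge how much to trust a result that only succeeded on the last fallback.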

4. Interact

Agents: ScrapeWebsiteAgent, MonitorSocialMediaAgent

Prompt:

  • Uses browser automation tools for human-like interaction (scraping_browser_click, scraping_browser_type, etc.)
  • Handles infinite scroll, popups, dynamic content loading, and captures screenshots

Modular Agentic Pipeline (Google ADK + MCP)

  • Dynamic Tool Injection: All tools are injected at runtime via MCP, with async initialization and mapping (utils/mcp_init.py).
  • Agent Orchestration: Sequential and parallel agents coordinate discovery, collection, and analysis.
  • LLM-Driven Prompts: Each agent is guided by a specialized prompt for its role, instructing it to call the right MCP tool for the job.

Real-World Use Cases

  • SOC Teams: Real-time alerts, automated IOC extraction, and firewall updates
  • Threat Researchers: Dark web monitoring, actor tracking, and cross-source correlation
  • Security Vendors: Automated enrichment and reputation scoring for threat feeds

Conclusion

Every agent in Sentinel Nexus is guided by a specialized prompt that instructs it to call the right MCP tool for its role—whether discovering sources, accessing protected sites, extracting structured data, or interacting with dynamic content. This agentic, tool-driven workflow—powered by Google ADK and Bright Data MCP—delivers a robust, scalable, and intelligent threat intelligence platform that fully realizes the vision of the Bright Data AI Web Access Hackathon.
