For the Global AI Hackathon Series with Qwen Cloud (Track 4 · Autopilot Agent) I built AIAuditFrauds: a multi-agent AI that automates a corporate finance audit end-to-end — semantic search over 1,558 invoices, rule detectors, OFAC sanctions screening, a written report — while a human approves every consequential action. 100% on the Qwen stack: qwen-max + text-embedding-v4 (DashScope), AgentScope, DashVector, deployed on Alibaba Cloud ECS.
Try the Live Demo of AIAuditFrauds
The problem: AI you can trust with money
Corporate finance teams drown in invoices, and fraud hides in the noise: the same invoice paid twice, a "vendor" that doesn't exist, an amount that quietly breaks policy, a wire pushed through at 3 a.m., a payee on a sanctions list. No human can eyeball tens of thousands of rows.
But finance is exactly where you cannot let an AI act on its own. An LLM that hallucinates a paragraph is embarrassing; an LLM that flags the wrong vendor as fraudulent — or misses a sanctioned payee — is a lawsuit. So the design goal became the whole product: automate the workflow end-to-end, but put a human checkpoint in front of every consequential action.
And one architectural rule I never broke:
The deterministic detectors decide the audit outcome. Qwen plans, narrates and answers questions. If the model is ever down, the audit still runs.
What it does — one mission, two human gates
You type an ambiguous, free-text mission: "find duplicate vendor payments and suspicious spending this quarter."
Gate 1 — the plan. Qwen (qwen-max via DashScope) interprets the mission and drafts a concrete audit plan. Nothing runs until the auditor approves, edits, or rejects it.
Evidence. A team of AgentScope specialists takes over, each step attributed live in the timeline:
- Transaction Screening → semantic search in DashVector over Qwen text-embedding-v4 vectors
- Spend Analysis → SQL aggregation in PostgreSQL
- Risk Triage → deterministic detectors (exact/near duplicates, policy limits, ghost vendors, off-hours payments) + live screening against the US Treasury OFAC sanctions list
The run above flagged 595 suspicious invoices worth $33M — each with reasons and evidence you can drill into:
Gate 2 — the human decides. The auditor approves or rejects items one by one. Only approved invoices are written — a single idempotent, audited transaction. The AI never touches the ledger.
Report. Qwen writes the closing narrative, and an Audit Assistant answers follow-up questions grounded in the actual evidence ("Which flagged invoice is the most urgent to verify, and why?").
The architecture
Everything hinges on one seam: a typed Server-Sent-Events contract — plan → gate 1 → tools → proposal → gate 2 → gated write → report → done. The frontend, store and API depend only on that event sequence, so the model, agent and data layers could evolve freely underneath while 124 contract tests kept everything honest (the whole suite runs with zero cloud credentials).
Working with the Qwen Cloud stack — field notes
This was my first project going all-in on the Qwen ecosystem. Honest notes from the journey:
DashScope (Qwen API). One key from the Qwen Cloud console drives both chat and embeddings. text-embedding-v4 returns clean 1024-dim vectors; embedding 1,558 invoices took under two minutes in batches of 10.
The one gotcha for international accounts: use the intl endpoints, or you'll stare at 401 invalid_api_key wondering what you did wrong:How to fix the 401 invalid_api_key error
# native SDK
dashscope.base_http_api_url = "https://dashscope-intl.aliyuncs.com/api/v1"
# OpenAI-compatible mode (what AgentScope uses under the hood)
base_url = "https://dashscope-intl.aliyuncs.com/compatible-mode/v1"
AgentScope 2.x. Alibaba's multi-agent framework had a major rewrite, so tutorials from 1.x will mislead you — read the installed source. The API I landed on:
AgentScope 2.x agent setup
from agentscope.agent import Agent # Agent IS the ReAct agent
from agentscope.model import DashScopeChatModel
from agentscope.credential import DashScopeCredential
from agentscope.tool import Toolkit, FunctionTool, ToolResponse
model = DashScopeChatModel(
credential=DashScopeCredential(api_key=KEY, base_url=INTL_COMPAT_URL),
model="qwen-max",
)
agent = Agent(name="RiskTriageAgent", system_prompt=..., model=model,
toolkit=Toolkit(tools=[FunctionTool(screen_vendor_sanctions)]))
Three things that cost me debugging time: Msg.content must be a list of content blocks (not a string), tool functions must return a ToolResponse (not a dict), and the credential's base_url decides which region you hit. Once wired, an agent calling a real OFAC-screening tool worked on the first live run — and AgentScope's built-in external tool-confirmation flow maps beautifully onto human-in-the-loop designs.
DashVector. The pleasant surprise of the project. Free trial cluster, created a 1024-dim cosine collection in the console, and the SDK is tiny:
DashVector upsert and query
coll = dashvector.Client(api_key=KEY, endpoint=ENDPOINT).get("transactions")
coll.upsert([dashvector.Doc(id=inv.invoice_id, vector=vec, fields={...})])
hits = coll.query(query_vector, topk=8, output_fields=["vendor_name", "amount"])
Being built by the same team as Qwen, it pairs naturally with Qwen embeddings — no dimension gymnastics, no separate index management.
Alibaba Cloud ECS. The whole system deploys as one Docker Compose stack (app + PostgreSQL) on a $0.02/hour ECS instance in Singapore, behind Caddy for automatic Let's Encrypt HTTPS. Total cloud bill for the entire hackathon: under $10. A fun proof-of-deployment trick: Alibaba's internal metadata service (http://100.100.100.200) is only reachable from inside Alibaba Cloud — one curl attests your instance identity.
What I'd tell you if you're building on Qwen Cloud
- Pin your AgentScope version and introspect the installed API — the 2.x rewrite is good, but docs lag. inspect.signature() is your friend.
- Design so the LLM is a planner/narrator, not the source of truth. Deterministic logic decides; Qwen explains. Your demo will survive any quota hiccup.
- Keep one region. DashScope intl + DashVector + ECS + OSS all in Singapore = no cross-region surprises and free internal traffic to OSS.
- Make your test suite credential-free. An in-memory repository behind the same interface as Postgres + DashVector meant CI never needed a single key.
- Human gates are a feature, not friction. The two-gate design is the reason a finance team could actually deploy this.
The result
A production-posture autopilot for finance audits: live on Alibaba Cloud, HTTPS domain, 124 green tests, graceful fallbacks, idempotent writes — and a human in command of every dollar-touching decision.
proga100
/
aiauditfrauds
Multi-agent finance fraud auditor on Qwen + AgentScope + DashVector, deployed on Alibaba Cloud (Qwen Cloud Hackathon, Agent Society)
AIAuditFrauds
A multi-agent AI auditor that automates the corporate finance-audit workflow end-to-end — hunting duplicate payments, ghost vendors, policy breaches, off-hours transactions and OFAC sanctions risk — with human-in-the-loop checkpoints at every critical decision.
Built for the Global AI Hackathon Series with Qwen Cloud · Track: Autopilot Agent · Runs 100% on the Qwen / Alibaba Cloud stack.
- 🌐 Live demo: https://aiauditfrauds.flance.info (deployed on Alibaba Cloud ECS, Singapore)
- 🎬 Demo video (2:18): https://www.youtube.com/watch?v=RVi0Vh_mm_w
- 🧩 Stack: Qwen (DashScope) · AgentScope · DashVector · PostgreSQL · Alibaba Cloud OSS
- 🔗 Proof of Alibaba Cloud usage:
aiauditfrauds/integrations/alibaba_cloud.py
The idea — and why it matters
Corporate finance teams drown in invoices, and fraud hides in the noise: the same invoice paid twice, a payment to a vendor that doesn't really exist, an amount that quietly breaks policy, a wire pushed through at 3 a.m., a payee on a sanctions list. A human can't eyeball…
- 🌐 Try it live: https://aiauditfrauds.flance.info
- 🎬 3-min demo: https://www.youtube.com/watch?v=RVi0Vh_mm_w
- ⭐ Code (GPL-3.0): https://github.com/proga100/aiauditfrauds
Built for the Global AI Hackathon Series with Qwen Cloud — Track 4: Autopilot Agent. The project concept existed before the hackathon; during the submission period it was rebuilt end-to-end on the Qwen stack (DashScope, AgentScope, DashVector, ECS). Development was AI-assisted with Claude Code.







Top comments (0)