I Built an AI Cybersecurity Agent for $0 — And It Runs 24/7
Most people “learn cybersecurity” by reading.
I built something that does it live.
🚀 The Idea
I wanted a system that:
- Tracks real-world cyber threats continuously
- Filters noise
- Alerts me instantly when something critical happens
So I built an AI-powered cybersecurity agent that runs every 30 minutes and sends alerts directly to my phone.
⚙️ What It Does
-
Fetches cybersecurity news from:
- CISA
- The Hacker News
- Krebs on Security
- BleepingComputer
-
Processes each article using:
- Groq + Llama 3.1
-
Generates:
- 2-line plain-English summary
- Severity classification → Critical / High / Medium / Low
-
Sends:
- 🚨 Telegram alert for Critical threats
🧩 System Architecture
This isn’t a chatbot. It’s a real pipeline:
- Fetch → RSS sources
- Deduplicate → SHA-256 hashing
- AI Tagging → Summary + severity
- Store → SQLite
- Serve → FastAPI
- Display → Dashboard
- Alert → Telegram
As shown in the architecture diagram (page 4 of documentation), each stage is isolated and independently replaceable.
🧱 Tech Stack (100% Free)
- Backend → FastAPI
- AI → Groq (Llama 3.1)
- Scheduler → APScheduler
- Database → SQLite
- Hosting → Railway
- Frontend → Vercel
- Alerts → Telegram Bot
💡 Total cost: $0
🔥 Key Engineering Decisions
Deduplication
Using SHA-256 URL hashing prevented ~60–70% duplicate processing (huge API savings).
Structured Prompting
Instead of free text, the AI outputs strict JSON → easier parsing and reliability.
Alert Control
alerted=1 flag ensures no duplicate notifications.
📊 What Makes This Valuable
This project is not theoretical.
- Every article = real threat intelligence
- Every CVE = real vulnerability
- Every alert = something worth investigating
As described in the project outcomes (page 13), this acts as a live threat intelligence database + learning system.
🧠 What I Learned
- Building real AI pipelines (not demos)
- Debugging deployment issues (CORS, Linux case sensitivity, Git conflicts)
- Designing scalable data flows
- That debugging teaches more than tutorials
🔮 What’s Next
- IOC extraction (CVE, IPs, domains)
- Personal threat watchlist
- Weekly AI threat digest
- Inline URL scanner
(Planned improvements outlined on page 15)
🌐 Live Project
- Dashboard: https://cybersec-news-agent.vercel.app/
- GitHub:https://github.com/SoumyaKhaskel/cybersec-news-agent
🧭 Final Thought
Reading builds knowledge.
Building creates capability.
If you're preparing for CEH or Security+, stop just consuming.
Build something that watches the real world.
Top comments (0)