All hackathons

FIND EVIL! Hackathon

Generate ideas

Build AI defenders that respond to cyber threats in seconds, not minutes.

2 weeks
Python

The Challenge

AI threats can compromise systems in under 8 minutes, while human response times are significantly slower. This hackathon challenges you to build autonomous AI agents on the SANS SIFT Workstation to close this gap, teaching AI to think like a senior incident responder, sequence its approach, recognize anomalies, and self-correct.

Tracks / Categories

No specific tracks are mentioned, but the focus is on improving AI-driven incident response capabilities.

Required Tech & Constraints

  • Platform: SANS SIFT Workstation (a platform with 200+ incident response tools).
  • Framework: Protocol SIFT (a framework connecting AI agents to SIFT tools via Model Context Protocol - MCP).
  • Team Size: Up to 5 participants. Solo participation is permitted.
  • Supported Architectural Approaches:
    • Direct Agent Extension (Claude Code / OpenClaw)
    • Custom MCP Server
    • Multi-Agent Frameworks (AutoGen, CrewAI, LangGraph)
    • Alternative Agentic IDEs (Cursor, Cline, Aider)
  • Open Source: Submissions must be open-source (MIT or Apache 2.0 license).

Submission Requirements

All eight components are required:

  1. Code Repository: Public GitHub repository with an open-source license (MIT or Apache 2.0).
  2. Demo Video: Maximum 5 minutes. Screencast of live terminal execution with audio narration, showcasing agent operation, real case data, and at least one self-correction sequence.
  3. Architecture Diagram: Illustrating component connections, chosen architectural pattern, and security boundaries (prompt-based vs. architectural guardrails).
  4. Written Project Description: Devpost project story format covering what it does, how it was built, challenges, learnings, and future plans.
  5. Dataset Documentation: Details of the test data, its source, and findings.
  6. Accuracy Report: Self-assessment of findings accuracy (false positives, missed artifacts, hallucinations) and a documented evidence integrity approach (how original data is protected).
  7. Try-It-Out Instructions: Live deployment URL or step-by-step instructions for local execution on the SIFT workstation, including dependencies.
  8. Agent Execution Logs: Structured logs showing full agent communication, tool execution sequences, timestamps, and token usage (or agent-to-agent logs for multi-agent systems).

Judging Criteria

Judging criteria are not explicitly detailed but will likely focus on the effectiveness, autonomy, self-correction capabilities, accuracy, and architectural soundness of the AI agents in performing incident response tasks.

Prizes

  • 1st Place (SLAYED EVIL): $10,000 cash, SANS Summit pass + hotel + SANS OnDemand course (per member), Presentation on SANS Webcast/Livestream.
  • 2nd Place (HUNTED EVIL): $7,500 cash, SANS Summit pass + hotel + SANS OnDemand course (per member), Presentation on SANS Webcast/Livestream.
  • 3rd Place (FOUND EVIL): $4,500 cash, SANS OnDemand course (per member). Total prize pool: $22,000+ in cash.

Ready to build for this one?

Generate a shortlist of buildable, judge-friendly ideas scoped to this hackathon's theme, budget, and stack — in about 30 seconds.

Generate ideas