The Challenge
AI threats can compromise systems in under 8 minutes, while human response times are significantly slower. This hackathon challenges you to build autonomous AI agents on the SANS SIFT Workstation to close this gap, teaching AI to think like a senior incident responder, sequence its approach, recognize anomalies, and self-correct.
Tracks / Categories
No specific tracks are mentioned, but the focus is on improving AI-driven incident response capabilities.
Required Tech & Constraints
- Platform: SANS SIFT Workstation (a platform with 200+ incident response tools).
- Framework: Protocol SIFT (a framework connecting AI agents to SIFT tools via Model Context Protocol - MCP).
- Team Size: Up to 5 participants. Solo participation is permitted.
- Supported Architectural Approaches:
- Direct Agent Extension (Claude Code / OpenClaw)
- Custom MCP Server
- Multi-Agent Frameworks (AutoGen, CrewAI, LangGraph)
- Alternative Agentic IDEs (Cursor, Cline, Aider)
- Open Source: Submissions must be open-source (MIT or Apache 2.0 license).
Submission Requirements
All eight components are required:
- Code Repository: Public GitHub repository with an open-source license (MIT or Apache 2.0).
- Demo Video: Maximum 5 minutes. Screencast of live terminal execution with audio narration, showcasing agent operation, real case data, and at least one self-correction sequence.
- Architecture Diagram: Illustrating component connections, chosen architectural pattern, and security boundaries (prompt-based vs. architectural guardrails).
- Written Project Description: Devpost project story format covering what it does, how it was built, challenges, learnings, and future plans.
- Dataset Documentation: Details of the test data, its source, and findings.
- Accuracy Report: Self-assessment of findings accuracy (false positives, missed artifacts, hallucinations) and a documented evidence integrity approach (how original data is protected).
- Try-It-Out Instructions: Live deployment URL or step-by-step instructions for local execution on the SIFT workstation, including dependencies.
- Agent Execution Logs: Structured logs showing full agent communication, tool execution sequences, timestamps, and token usage (or agent-to-agent logs for multi-agent systems).
Judging Criteria
Judging criteria are not explicitly detailed but will likely focus on the effectiveness, autonomy, self-correction capabilities, accuracy, and architectural soundness of the AI agents in performing incident response tasks.
Prizes
- 1st Place (SLAYED EVIL): $10,000 cash, SANS Summit pass + hotel + SANS OnDemand course (per member), Presentation on SANS Webcast/Livestream.
- 2nd Place (HUNTED EVIL): $7,500 cash, SANS Summit pass + hotel + SANS OnDemand course (per member), Presentation on SANS Webcast/Livestream.
- 3rd Place (FOUND EVIL): $4,500 cash, SANS OnDemand course (per member).
Total prize pool: $22,000+ in cash.