BGIN Security Agentic AI Project

New thread for the AI Agent Security Project

Notes from 27/01

BGIN Working Session — Minutes (Jan 27, 2026, 8:00 AM ET)

What we did

  • Demo of the blockchain security incident analysis agent using a local database of documented incidents (including 3 additional cases).

  • Discussed how the agent extracts IOCs and produces actionable insights (risk categories + checklist/action plan).

Data & grounding

  • Incident docs are built via manual review (white papers, technical docs, on-chain tools such as Etherscan).

  • Emphasized reliable grounding to avoid hallucinations.

  • Discussed that org/internal documents could also be used as information sources.

Architecture

  • Two-agent design:

    • Provenance graph construction agent

    • Graph utilization agent

  • Graph can be hosted remotely (or locally) and accessed via HTTP API.

  • Example graph discussed: 96 nodes / 180 edges (2017–2026).

UI / visualization

  • Need for a graph visualization UI to explore relationships.

  • Discussed a tranche-based update approach for privacy-controlled releases.

Contribution guidelines

  • Need a clear contribution format.

  • Proposed input types: machine-readable (IOCs), human-readable narrative, and a formal/legal-oriented input type when applicable.

Communication

  • Discourse will host public-facing notes.

  • Slack will be used for internal discussion, with summaries posted to Discourse after calls.

  • Repo access (private or public) will be shared with the group via Slack.

Action items

  • Shohei: Upload slides + meeting notes to the Discourse thread (and related channel as discussed).

  • Virgin Tech team: Prepare a basic service design with examples based on feedback and mechanisms.

  • Virgin Tech team: Share repository access (private or public) via Slack.

  • Mitchell: Post an overlay document comparing the private self-sovereign duality architecture with the current system to Discourse.

  • Team: Establish a UI/UX feedback loop.

  • Team: Develop contribution guidelines with clear format expectations.

Next meeting

Feb 3, 2026

Updates & Demos

  • Workflow: Reiss presented the high-level workflow and RAG query tool.

  • Data Sources: Identified new RAG sources (Exploits site with on-chain indicators, SlowMist GitHub, Ethereum sources, MISP/OpenCTI).

  • UI: Luke demonstrated the graph-based UI (Lovable), showing event nodes, connections, and commenting features.

  • Telegram Bot: Mitchell demonstrated the public-facing bot (using Bonfires AI) and confirmed Japanese language support.

Infrastructure

  • Confidentiality: Shohei noted the need to operate on a private institution’s system rather than the university cloud after Block 14.

  • Hardware: Discussed using a single machine (e.g., Mac mini, AI mini PC) at a member’s home. Mentioned potential future migration to commercial on-premise services (e.g., NEC).

  • Separation: Mitchell proposed separating the “BEGIN AI Knowledge Base” (Open) and “BEGIN Security AI” (High Security).

Action Items

  • Shohei/Team: Prepare a demo for next week that allows participants to give feedback.

  • Mitchell: Share the Telegram bot account for testing by ISAC members.

  • All: Discuss operation environment (including deployment alternatives) and physical asset governance at Block 14.

Next Meeting
