BGIN Security Agentic AI Project

Working Group(s) Cyber Security
1

New thread for the AI Agent Security Project

Notes from 27/01

1 Like
2

BGIN Working Session — Minutes (Jan 27, 2026, 8:00 AM ET)

What we did

  • Demo of the blockchain security incident analysis agent using a local database of documented incidents (including 3 additional cases).

  • Discussed how the agent extracts IOCs and produces actionable insights (risk categories + checklist/action plan).

Data & grounding

  • Incident docs are built via manual review (white papers, technical docs, on-chain tools such as Etherscan).

  • Emphasized reliable grounding to avoid hallucinations.

  • Discussed that org/internal documents could also be used as information sources.

Architecture

  • Two-agent design:

    • Provenance graph construction agent

    • Graph utilization agent

  • Graph can be hosted remotely (or locally) and accessed via HTTP API.

  • Example graph discussed: 96 nodes / 180 edges (2017–2026).

UI / visualization

  • Need for a graph visualization UI to explore relationships.

  • Discussed a tranche-based update approach for privacy-controlled releases.

Contribution guidelines

  • Need a clear contribution format.

  • Proposed input types: machine-readable (IOCs), human-readable narrative, and a formal/legal-oriented input type when applicable.

Communication

  • Discourse will host public-facing notes.

  • Slack will be used for internal discussion, with summaries posted to Discourse after calls.

  • Repo access (private or public) will be shared with the group via Slack.

Action items

  • Shohei: Upload slides + meeting notes to the Discourse thread (and related channel as discussed).

  • Virgin Tech team: Prepare a basic service design with examples based on feedback and mechanisms.

  • Virgin Tech team: Share repository access (private or public) via Slack.

  • Mitchell: Post an overlay document comparing the private self-sovereign duality architecture with the current system to Discourse.

  • Team: Establish a UI/UX feedback loop.

  • Team: Develop contribution guidelines with clear format expectations.

Next meeting

1 Like
3

Feb 3, 2026

Updates & Demos

  • Workflow: Reiss presented the high-level workflow and RAG query tool.

  • Data Sources: Identified new RAG sources (Exploits site with on-chain indicators, SlowMist GitHub, Ethereum sources, MISP/OpenCTI).

  • UI: Luke demonstrated the graph-based UI (Lovable), showing event nodes, connections, and commenting features.

  • Telegram Bot: Mitchell demonstrated the public-facing bot (using Bonfires AI) and confirmed Japanese language support.

Infrastructure

  • Confidentiality: Shohei noted the need to operate on a private institution’s system rather than the university cloud after Block 14.

  • Hardware: Discussed using a single machine (e.g., Mac mini, AI mini PC) at a member’s home. Mentioned potential future migration to commercial on-premise services (e.g., NEC).

  • Separation: Mitchell proposed separating the “BEGIN AI Knowledge Base” (Open) and “BEGIN Security AI” (High Security).

Action Items

  • Shohei/Team: Prepare a demo for next week that allows participants to give feedback.

  • Mitchell: Share the Telegram bot account for testing by ISAC members.

  • All: Discuss operation environment (including deployment alternatives) and physical asset governance at Block 14.

Next Meeting

1 Like
4

Feb 10, 2026

BGIN Agent

  • Demonstrated multi-agent architecture (Archive, Codecs, Discourse agents) for blockchain security incident analysis. Current UI is from Block 13 and needs significant simplification for Block 14 — wallet integration and auth scaffold are out of scope. UI to be tailored to each agent’s purpose; details to be discussed async in Slack.

Systerrae

  • Demonstrated provenance graph feature with relationship visualization and lineage tracing. Provenance graph and knowledge graph need to be separated, and an access control mechanism is required for the Block 14 beta launch. Front-end/back-end security issues from Block 13 also need to be resolved.

JP Crypto ISAC Integration

  • Proposed connecting a Telegram/Slack bot to the episodic knowledge graph for JP Crypto ISAC members via a private channel. The bot could also post to Discourse as an agentic identity, enabling human-agent collaboration (API endpoints already exist).

Block 14 Planning

  • Two 90-min sessions on Day 1 (Room A): Session 1 on proposals/governance, Session 2 on a practical agent demo.

  • Expected participants include representatives from U.S. government agencies and ISAC members. Project overview materials needed for new participants.

Action Items

  • Discuss UI/UX in Slack before next meeting

  • Shohei: prepare user workflow examples (with screenshots) and implementation alternatives

  • Investigate JP Crypto ISAC external access; create a 2-page plan and upload to Discord

  • Build Telegram bot connected to info-sec knowledge graph

  • Invite relevant stakeholders to next call to align on Block 14 presentations