BreachResponse

AI-Powered Active-Defense Security Monitoring for Mantle Network.

BreachResponse is a production-grade Web3 security platform that combines on-chain monitoring, AI-powered threat classification, decentralized consensus validation, and human-approval-gated incident response into a single integrated system. It protects smart contract protocols deployed on Mantle by detecting exploits before they drain value and executing emergency countermeasures under operator supervision.


The Problem

Smart contract exploits stole over $3.5 billion from DeFi protocols in 2024 alone. Reentrancy attacks, oracle manipulation, flash loan exploits, and governance attacks continue to devastate protocols despite years of auditing tooling. The fundamental gap is time: traditional auditing finds vulnerabilities before deployment, but exploits happen in seconds. By the time a human operator notices a suspicious transaction, the funds are already gone.

Existing solutions fall into two categories that both fail at the critical moment:

| Approach | Limitation |
| --- | --- |
| Pre-deployment auditing (static analysis, formal verification) | Cannot predict all runtime attack vectors. An audited contract can still be exploited. |
| Post-mortem monitoring (block explorers, alert bots) | Alerts arrive after the transaction is confirmed. Too late to stop the drain. |
| Manual multisig intervention | Human reaction time is 30-120 seconds. Exploits execute in under 3 seconds. |

The Solution

BreachResponse introduces active-defense monitoring -- a real-time pipeline that watches every block on Mantle, classifies suspicious transactions with AI, validates threats through decentralized consensus, and gates emergency responses behind operator approval.

The platform operates as three integrated layers:

┌─────────────────────────────────────────────────────────────┐
│                       BREACH RESPONSE                       │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│  ┌──────────────┐    ┌──────────────┐    ┌──────────────┐   │
│  │   MONITOR    │───▶│    DETECT    │───▶│   RESPOND    │   │
│  │              │    │              │    │              │   │
│  │  Block Scan  │    │ AI Classify  │    │  Human Gate  │   │
│  │  Event Logs  │    │  Consensus   │    │  Multisig    │   │
│  │  Mempool     │    │  Validate    │    │  Pause Tx    │   │
│  └──────────────┘    └──────────────┘    └──────────────┘   │
│                                                             │
│  Python Sentinel Agent  ◀──▶  Next.js Command Center        │
│  Mantle Sepolia RPC     ◀──▶  Neon PostgreSQL               │
│  SentinelRegistry       ◀──▶  GenLayer Consensus Guard      │
│                                                             │
└─────────────────────────────────────────────────────────────┘

Key Capabilities

⛓️ Real-Time Block Scanning

The Python Sentinel Agent connects to Mantle Sepolia RPC and scans every new block. It filters transactions targeting registered protocol contracts, groups event logs by transaction hash to detect reentrancy patterns, and feeds suspicious activity into the AI classification pipeline -- all within seconds of block confirmation.
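The grouping step described above, as an added example (not BreachResponse's own code). It assumes logs shaped like `eth_getLogs` entries, and the heuristic is an assumption made here: a registered contract emitting the same event at least twice in one transaction is only a candidate for classification, since legitimate batch calls can look the same. All addresses, topics and hashes are constructed placeholders.

```python
from collections import Counter, defaultdict

# Constructed sample data: placeholder addresses, topics and hashes, not real chain values.
VAULT = "0x" + "aa" * 20        # a registered protocol contract
OTHER = "0x" + "bb" * 20        # an unregistered contract
WITHDRAW = "0x" + "11" * 32     # topic0 of a hypothetical Withdraw event
DEPOSIT = "0x" + "22" * 32      # topic0 of a hypothetical Deposit event
TX_LOOP, TX_NORMAL = "0x" + "01" * 32, "0x" + "02" * 32


def _log(tx, index, address, topics):
    return {"transactionHash": tx, "logIndex": index, "address": address, "topics": topics}


SAMPLE_LOGS = [
    _log(TX_NORMAL, 0, VAULT, [DEPOSIT]),
    _log(TX_NORMAL, 1, VAULT, [WITHDRAW]),
    _log(TX_LOOP, 2, "0x" + "AA" * 20, [WITHDRAW]),  # same contract, mixed-case address
    _log(TX_LOOP, 3, OTHER, [WITHDRAW]),             # unregistered emitter, ignored
    _log(TX_LOOP, 4, VAULT, [WITHDRAW]),
    _log(TX_LOOP, 5, VAULT, [WITHDRAW]),
    _log(TX_LOOP, 6, VAULT, []),                     # anonymous event: no topic0
]


def group_logs_by_tx(logs, registered):
    """Group logs emitted by registered contracts by transaction hash, in log order."""
    registered = {a.lower() for a in registered}
    grouped = defaultdict(list)
    for entry in sorted(logs, key=lambda e: e["logIndex"]):
        if entry["address"].lower() in registered:
            grouped[entry["transactionHash"]].append(entry)
    return dict(grouped)


def reentrancy_candidates(logs, registered, min_repeats=2):
    """Return {tx_hash: {(contract, topic0): count}} for events repeated within one tx."""
    flagged = {}
    for tx, entries in group_logs_by_tx(logs, registered).items():
        counts = Counter((e["address"].lower(), e["topics"][0]) for e in entries if e["topics"])
        repeats = {key: n for key, n in counts.items() if n >= min_repeats}
        if repeats:
            flagged[tx] = repeats
    return flagged


if __name__ == "__main__":
    for tx, repeats in reentrancy_candidates(SAMPLE_LOGS, [VAULT]).items():
        print(tx, repeats)
```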

🧠 AI-Powered Threat Classification

Classification uses a dual-LLM architecture: Groq (Llama 3.1-8B-Instant) and Tencent Hunyuan run in parallel. Each model independently classifies the threat severity, confidence, and recommended action. Results are compared side-by-side so operators can assess model agreement before acting.

🔐 Decentralized Consensus Guard

Incidents that pass AI classification are submitted to a GenLayer smart contract deployed at 0x86369EC44fbB5EB682729368557176858aBe0c73 on GenLayer StudioNet. Validators run nondeterministic LLM evaluation in parallel and must reach consensus before an incident is marked as approved.

Human Approval Gate

All emergency actions -- pausing protocols, quarantining addresses -- require explicit operator approval through the Next.js Command Center dashboard. Autonomous mode can be enabled for allowlisted contracts and value-capped actions, but the default is always manual approval.
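One way to express this gate as a fail-closed decision function, as an added example (not BreachResponse's own code). The names `GatePolicy` and `decide`, the decision strings, and the reading of "value-capped" as a limit on the value an unattended action may touch are assumptions; the address is a constructed placeholder.

```python
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation

VAULT = "0x" + "aa" * 20   # constructed placeholder address


@dataclass(frozen=True)
class GatePolicy:
    autonomous: bool = False             # default: every action waits for an operator
    allowlist: frozenset = frozenset()   # lowercased contract addresses
    value_cap: Decimal = Decimal(0)      # assumed meaning: max value an unattended action may touch


def decide(policy, target, value, operator_approved=False):
    """Return (decision, reason); anything unexpected falls back to manual approval."""
    if operator_approved:
        return "EXECUTE", "operator approved"
    if not policy.autonomous:
        return "AWAIT_OPERATOR", "manual mode"
    if not isinstance(target, str) or target.lower() not in policy.allowlist:
        return "AWAIT_OPERATOR", "target not allowlisted"
    try:
        amount = Decimal(str(value))
    except InvalidOperation:
        return "AWAIT_OPERATOR", "unparseable value"
    # NaN and infinities parse successfully, so reject them before comparing.
    if not amount.is_finite() or amount < 0:
        return "AWAIT_OPERATOR", "invalid value"
    if amount > policy.value_cap:
        return "AWAIT_OPERATOR", "value above cap"
    return "EXECUTE_AUTONOMOUS", "allowlisted and within cap"


if __name__ == "__main__":
    policy = GatePolicy(autonomous=True, allowlist=frozenset({VAULT}), value_cap=Decimal("1000"))
    for target, value in [(VAULT, "999.5"), (VAULT, "1000.01"), ("0x" + "bb" * 20, "1"), (VAULT, "NaN")]:
        print(target[:10], value, decide(policy, target, value))
```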

Command Center Dashboard

A Next.js single-page application with real-time SSE telemetry, threat history tables, sentinel node management, contract auditing tooling, gas estimation, and value-monitored metrics. It is built with RainbowKit wallet integration for the Mantle Sepolia chain.


Architecture at a Glance

| Component | Technology | Role |
| --- | --- | --- |
| Frontend | Next.js 16 + Tailwind CSS + Wagmi/Viem | Command Center dashboard, API routes |
| Sentinel Agent | Python 3.11+ + Web3.py + OpenAI SDK | Block scanning, threat detection, response execution |
| Smart Contracts | Solidity 0.8.24 + Hardhat | SentinelRegistry on Mantle Sepolia, TargetVault |
| AI Classification | Groq (Llama 3.1) + Hunyuan | Parallel threat analysis with consensus comparison |
| Consensus | GenLayer StudioNet + Python contract | Validator-based incident evaluation |
| Database | Neon PostgreSQL + Upstash Redis | Telemetry persistence, sentinel state, event bus |
| Deployment | Vercel (frontend) + Railway (agent) | Production hosting |

Contract Addresses

| Contract | Network | Address |
| --- | --- | --- |
| SentinelRegistry | Mantle Sepolia (chainId 5003) | 0xea3C039795B5b04105B795c8B0cB85e0a42Cc85C |
| Consensus Guard | GenLayer StudioNet | 0x86369EC44fbB5EB682729368557176858aBe0c73 |

Getting Started

Jump into the Getting Started guide for a 5-minute setup, or dive into the Architecture section for a deep technical walkthrough of every system component.

Warning: BreachResponse is designed for Mantle Sepolia testnet in its current deployment. Do not point the agent at mainnet without thorough review, additional security measures, and a production multisig setup. Autonomous mode carries inherent risk -- always start with manual mode.