Hackathon: Using Opus to error-proof crucial cybersecurity analysis
Our digital environment is more vulnerable than ever.
As digitalization spreads and generative AI advances harmful capabilities like deepfakes, malware, and phishing, enterprises and governments face an increasingly urgent need to bolster their cybersecurity.
But those needs are not currently being met at the rate that threats are growing.
Research from the International Monetary Fund forecasts that cybercrime will cost the world $23 trillion in 2027, up 175% from 2022.
Meanwhile, cybersecurity firm Deepstrike reports that as of late 2025, the global shortage of cybersecurity professionals has reached a record high of approximately 4.8 million unfilled positions. And as attacks rise in frequency, SOC (security operations center) teams face alert fatigue and slow manual triage.
At the same time that AI presents new risks to cybersecurity, it also presents new solutions. SentinelOne predicts that the technology will be able to help cut employee-driven cybersecurity incidents by 40% in 2026 and “remove the need for specialized knowledge from 50% of entry-level roles by 2028.”
Opus integrates agentic AI with expert human review to deliver many of these solutions. Using Opus, one Hackathon team demonstrated just how effectively that can be done.
The team – Nayab Kanwal, Saarah Zareen, Fathima Amna Afsha, Aivy Rodrigues, Mahek Trivedi – designed an AI-powered Tier-0 SOC Analyst workflow, built on Opus, which automated intake, analysis, risk scoring, and reporting to cut false positives and improve efficiency.
See how they did it here:
We built a simple UI where analysts can upload emails, syslogs, SIEM logs, file metadata, text, and URLs in formats like TXT, PDF, CSV, or direct links.
The UI securely sends all inputs to Opus via API, ensuring wide coverage and strong integration. Opus extracts raw content and normalises everything into a unified JSON structure with reliable validation and retry logic. Large-scale IoC extraction identifies IPs, domains, URLs, hashes, and email IDs.
Since external services were unreliable, we built a RAG module to classify suspicious or malicious patterns. All IoCs then go through an enrichment stage that adds context, reputation, threat tags, domain age, and confidence, producing a consistent enriched dataset.
Two decision nodes handle triage: the first checks whether an IoC is malicious. Clean IoCs go straight to output for automatic report generation, while malicious ones are severity-scored and reviewed by AI.
The second node checks if the severity is equal to or greater than 70. Lower scores generate tickets automatically; higher scores trigger human review before finalisation. AI review occurs at key stages—normalised data, enriched IoCs, severity, and final ticket—while human review is reserved for high-risk cases.
The workflow ends by generating a report and audit trail, displayed on the UI for full visibility. The system aligns with the UAE and GCC visions in the Middle East by demonstrating a secure, efficient, and scalable AI-driven cybersecurity model.
Note: Add our RAG PDF to the RAG Extraction input: https://drive.google.com/file/d/1HYgv4h4W0oWzx2wcMFyGerX1e-4Ba-X5/view
You can also generate your own PDF API key and add it to the Bearer Auth field in the Report and Audit Artefact Generation node.
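A runnable sketch of the triage logic the team describes above (IoC extraction, enrichment, the malicious check and the severity-70 gate), written as an added example for this post rather than the team's or Opus's own code. The regexes, the reputation table and the sample text are constructed stand-ins for the Opus normalisation, RAG and enrichment nodes.

```python
import re
from urllib.parse import urlsplit

# Constructed sample intake (not from the post): a phishing e-mail header,
# a link, and two syslog lines, as the normalisation node would hand them on.
SAMPLE_TEXT = """From: billing@secure-invoice-portal.example <contact@corp.example>
Please review https://pay.invoice-portal.example/login?id=42 before Friday.
Mar 3 10:14:02 gw sshd[911]: Failed password from 203.0.113.77 port 4411
Mar 3 10:15:10 av[42]: quarantined sample 0a1b2c3d4e5f60718293a4b5c6d7e8f9
"""

# Constructed reputation table standing in for the RAG/enrichment stage.
REPUTATION = {
    "pay.invoice-portal.example": {"malicious": True, "severity": 85},
    "203.0.113.77": {"malicious": True, "severity": 55},
    "0a1b2c3d4e5f60718293a4b5c6d7e8f9": {"malicious": True, "severity": 90},
}

# Order matters: URLs and e-mails are blanked out before the bare-domain pass
# so a host inside them is not double-counted as a separate domain IoC.
PATTERNS = [
    ("url", re.compile(r"https?://[^\s\"'<>]+")),
    ("email", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("ipv4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("sha256", re.compile(r"\b[a-fA-F0-9]{64}\b")),
    ("md5", re.compile(r"\b[a-fA-F0-9]{32}\b")),
    ("domain", re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)),
]

def extract_iocs(text):
    """IoC extraction node: returns [(kind, value)]; URL hosts become domain IoCs."""
    found, work = [], text
    for kind, rx in PATTERNS:
        for value in sorted(set(rx.findall(work))):
            found.append((kind, value))
            if kind == "url":  # the host is the key the enrichment stage looks up
                found.append(("domain", urlsplit(value).hostname or ""))
        work = rx.sub(" ", work)
    return found

def enrich(kind, value):
    """Enrichment stage: unknown IoCs are treated as clean with severity 0."""
    return {"kind": kind, "value": value,
            **REPUTATION.get(value, {"malicious": False, "severity": 0})}

def route(enriched, threshold=70):
    """Both decision nodes: clean -> report; < threshold -> ticket; else human review."""
    if not enriched["malicious"]:
        return "auto_report"
    return "human_review" if enriched["severity"] >= threshold else "auto_ticket"

def triage(text):
    """Run intake text through extraction, enrichment and the two decision nodes."""
    rows = [enrich(k, v) for k, v in extract_iocs(text)]
    for row in rows:
        row["route"] = route(row)
    return rows
```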
—
Opus exists to ensure security, auditability, and efficiency in mission-critical workflows where slip-ups are not an option. Equipped with built-in ISO compliance guardrails, its technology is designed to keep your operations error-free and secure – whether you’re a hackathon team or a global enterprise.
Get in touch to find out how Opus can provide solutions for your business.