Aegis turns a single security alert into a fully coordinated incident response, run by a band of AI agents rather than one chatbot. When a combined credential-theft and data-exfiltration alert fires on a billing server holding 48,000 customer records, a Triage Analyst scores it CRITICAL and recruits a response team at runtime. A Forensics Investigator reconstructs the kill chain and blast radius; a Threat Intel Analyst attributes the actor and maps the activity to MITRE ATT&CK; a Remediation Planner designs containment but blocks on human approval before any destructive action; and a Compliance Officer determines GDPR/HIPAA/PCI/CCPA notification duties and drafts the filings, each gated by a human SOC Lead.

What makes this possible only on Band: the five agents are built on three different frameworks (LangGraph, CrewAI, Pydantic AI), yet they discover each other and coordinate purely through a shared Band room, using @mention routing, runtime recruitment via platform tools, native human-in-the-loop approvals, and a unified audit trail. There is no hardcoded agent-to-agent wiring. The signature payoff: the court-ready incident audit report is reconstructed entirely from Band's immutable room trail, covering every handoff, tool call, and human approval.

All LLMs run on Groq (Llama 3.3) for low-latency coordination. The project ships with a deterministic test suite (17 passing), a live Groq mode, and a beautiful Next.js command-center UI deployable to Vercel. Five agents, three frameworks, one human, one room, orchestrated by Band.