Kestrion — Multi-Agent Cyber Investigation System

Kestrion is a multi-agent cybersecurity command center built on Band's collaboration platform. When a suspicious email, login alert, or security threat is submitted, six specialized AI agents are deployed into a shared Band investigation room where they analyze, debate, and resolve the incident together. What makes Kestrion different from other AI security tools is genuine agent disagreement. Most multi-agent systems have agents that simply agree and summarize. Kestrion includes a dedicated Red Team Agent that actively challenges the Risk Agent's conclusions — identifying weak evidence, proposing alternative explanations, and forcing a rebuttal. The final risk score emerges from real AI-to-AI reasoning, not a fixed pipeline. The six agents each have a unique role: The Intake Agent classifies the incident and creates a Band investigation room. The Threat Intelligence Agent analyzes domains and URLs for phishing indicators. The Evidence Agent cross-references login history and builds a timeline. The Risk Assessment Agent calculates a risk score from 0 to 100. The Red Team Agent challenges the weakest evidence. The Response Agent generates a prioritized containment plan and board-level executive summary. Every investigation is fully traceable — each agent posts its findings to a shared Band room with timestamps, creating a complete audit trail for compliance and regulatory review. Critical containment actions require explicit human approval before execution, ensuring human oversight is maintained throughout. Kestrion demonstrates how Band's agent collaboration layer can power regulated, high-stakes enterprise workflows where transparency, traceability, and careful decision-making are not optional — they are required.