ShieldAI is an autonomous AI security agent that protects your wallet 24/7 by monitoring token approvals in real time and automatically revoking malicious transactions before they drain your funds.
ShieldAI - AI-Powered Autonomous Wallet Guardian
THE PROBLEM:
$1.7 billion lost annually to crypto phishing attacks. The #1 attack vector? Malicious token approvals. Users unknowingly grant unlimited access to scam contracts, and by the time they realize it, their funds are gone. Existing solutions require constant manual monitoring—an impossible task for regular users.
THE SOLUTION:
ShieldAI is the first fully autonomous AI security agent for Web3. It monitors every token approval in real time, analyzes contract bytecode using GPT-4 to detect malicious patterns, and automatically revokes dangerous approvals via MetaMask delegations, all without any user intervention.
HOW IT WORKS:
1. User creates a MetaMask Hybrid Smart Account and grants ShieldAI limited revocation permissions (one signature, approve-only)
2. Envio HyperIndex monitors all approvals in real-time, triggering webhooks instantly
3. Backend receives approval events and fetches the spender contract's bytecode
4. AI analyzes bytecode for malicious patterns: transferFrom calls, owner privileges, honeypots, hidden backdoors
5. If threat detected (risk score >70), backend redeems delegation and revokes approval automatically
6. User's dashboard updates in real-time via GraphQL subscriptions—threat neutralized in <1 second
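The decision step between steps 2 and 5 above, as an added TypeScript example that is not ShieldAI's own code: it decodes an ERC-20 Approval log and, when the risk score exceeds 70, builds the approve(spender, 0) call to execute through the delegation. The type and function names and the sample log are assumptions constructed for illustration; the AI risk score is taken as an input.

```typescript
// Added example, not ShieldAI's code; type and function names are hypothetical.
const APPROVAL_TOPIC = // keccak256("Approval(address,address,uint256)")
  "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925";
const APPROVE_SELECTOR = "0x095ea7b3"; // approve(address,uint256)
const RISK_THRESHOLD = 70; // the page revokes when risk score > 70

interface Log { address: string; topics: string[]; data: string }
interface Approval { token: string; owner: string; spender: string; valueHex: string }
interface RevokeCall { account: string; to: string; data: string }

// Decode an ERC-20 Approval log. ERC-721 Approval shares topic0 but indexes
// tokenId (4 topics, empty data), so it is rejected here.
function decodeApproval(log: Log): Approval | null {
  if (log.topics.length !== 3 || log.topics[0].toLowerCase() !== APPROVAL_TOPIC) return null;
  if (!/^0x[0-9a-fA-F]{64}$/.test(log.data)) return null;
  const addr = (topic: string) => "0x" + topic.slice(26).toLowerCase();
  return {
    token: log.address.toLowerCase(), owner: addr(log.topics[1]),
    spender: addr(log.topics[2]), valueHex: log.data.toLowerCase(),
  };
}

// Returns the approve(spender, 0) call to run as the owner's account, or null.
function planRevocation(log: Log, riskScore: number): RevokeCall | null {
  const a = decodeApproval(log);
  if (a === null) return null;
  // An allowance of 0 is already a revocation; skipping it also keeps the
  // agent's own revoke event from re-triggering the pipeline.
  if (/^0x0+$/.test(a.valueHex)) return null;
  // Strictly greater than 70, as on the page. A NaN score does not revoke here.
  if (!(riskScore > RISK_THRESHOLD)) return null;
  const data = APPROVE_SELECTOR + "0".repeat(24) + a.spender.slice(2) + "0".repeat(64);
  return { account: a.owner, to: a.token, data };
}

// Constructed sample: unlimited approval from owner 0x11..11 to spender 0x22..22.
const SAMPLE_LOG: Log = {
  address: "0x" + "aa".repeat(20),
  topics: [
    APPROVAL_TOPIC,
    "0x" + "0".repeat(24) + "11".repeat(20),
    "0x" + "0".repeat(24) + "22".repeat(20),
  ],
  data: "0x" + "f".repeat(64),
};
```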
TECHNICAL INNOVATION:
- Envio webhooks fire as soon as approvals happen, allowing the system to revoke malicious approvals in seconds
- AI-powered bytecode analysis using GPT-4—detects threats humans can't see by analyzing EVM opcodes
- Real-time threat response via Envio Effect API webhooks—sub-second detection and revocation
- Production-grade architecture: Next.js frontend, Railway backend, PostgreSQL, full TypeScript
- MetaMask Hybrid Smart Accounts—full delegation support with browser wallet compatibility
- Deployed on Monad Testnet—leverages high-performance EVM for instant finality
KEY FEATURES:
✅ Zero-friction onboarding: Email/social/wallet login via Privy
✅ One-click protection: Create smart account + grant delegation in 2 steps
✅ AI threat detection: GPT-4 analyzes contract bytecode for malicious patterns
✅ Autonomous revocation: Threats cancelled automatically via delegations
✅ Real-time dashboard: Live approval monitoring with GraphQL subscriptions
✅ Beautiful UI: Modern, responsive design with comprehensive onboarding flow
WHAT WE BUILT:
- Smart contracts: UserRegistry for tracking protected accounts, plus a deployed malicious test contract
- Envio indexer: Real-time approval monitoring with Effect API webhook integration
- Backend API: Delegation storage, webhook endpoints, AI threat detection, delegation redemption
- AI module: GPT-4 bytecode analysis detecting transferFrom calls, owner privileges, honeypots, backdoors
- Frontend: Full onboarding flow, smart account creation, delegation signing, real-time dashboard, demo mode
- Complete integration: End-to-end flow from approval detection to auto-revocation in <1 second
REAL-WORLD IMPACT:
This solves a $1.7B/year problem with truly autonomous protection. Users set it up once and never worry about malicious approvals again. No manual monitoring, no constant vigilance—just intelligent, automatic protection powered by AI and MetaMask's delegation framework.
⚠️ DISCLAIMER: This project uses MetaMask Hybrid Smart Accounts on Monad Testnet. Smart accounts are experimental technology. This is a proof-of-concept demo built for educational and hackathon purposes. Always exercise caution with real funds.
GitHub: https://github.com/officialcmg/shieldai
App: https://shieldai-demo.netlify.app/