ShieldAI is an autonomous AI security agent that protects your wallet 24/7 by monitoring token approvals in real-time and automatically revoking malicious approvals before they drain your funds
ShieldAI - AI-Powered Autonomous Wallet Guardian
THE PROBLEM:
$1.7 billion lost annually to crypto phishing attacks. The #1 attack vector? Malicious token approvals. Users unknowingly grant unlimited access to scam contracts, and by the time they realize it, their funds are gone. Existing solutions require constant manual monitoring—an impossible task for regular users.
THE SOLUTION:
ShieldAI is the first fully autonomous AI security agent for Web3. It monitors every token approval in real-time, analyzes contract bytecode using GPT-4 to detect malicious patterns, automatically revokes dangerous approvals via MetaMask delegations—all without any user intervention.
HOW IT WORKS:
1. User creates a MetaMask Hybrid Smart Account and grants ShieldAI limited revocation permissions (one signature, approve-only)
2. Envio HyperIndex monitors all approvals in real-time, triggering webhooks instantly
3. Backend receives approval events and fetches the spender contract's bytecode
4. AI analyzes bytecode for malicious patterns: transferFrom calls, owner privileges, honeypots, hidden backdoors
5. If threat detected (risk score >70), backend redeems delegation and revokes approval automatically
6. User's dashboard updates in real-time via GraphQL subscriptions—threat neutralized in <1 second
TECHNICAL INNOVATION:
- First security application of MetaMask Delegation Toolkit—granular, revocable permissions for autonomous protection
- AI-powered bytecode analysis using GPT-4—detects threats humans can't see by analyzing EVM opcodes
- Real-time threat response via Envio Effect API webhooks—sub-second detection and revocation
- Production-grade architecture: Next.js frontend, Railway backend, PostgreSQL, full TypeScript
- MetaMask Hybrid Smart Accounts—full delegation support with browser wallet compatibility
- Deployed on Monad Testnet—leverages high-performance EVM for instant finality
KEY FEATURES:
✅ Zero-friction onboarding: Email/social/wallet login via Privy
✅ One-click protection: Create smart account + grant delegation in 2 steps
✅ AI threat detection: GPT-4 analyzes contract bytecode for malicious patterns
✅ Autonomous revocation: Threats cancelled automatically via delegations
✅ Real-time dashboard: Live approval monitoring with GraphQL subscriptions
✅ Beautiful UI: Modern, responsive design with comprehensive onboarding flow
WHAT WE BUILT:
- Smart contracts: UserRegistry for protected accounts tracking, deployed malicious test contract
- Envio indexer: Real-time approval monitoring with Effect API webhook integration
- Backend API: Delegation storage, webhook endpoints, AI threat detection, delegation redemption
- AI module: GPT-4 bytecode analysis detecting transferFrom calls, owner privileges, honeypots, backdoors
- Frontend: Full onboarding flow, smart account creation, delegation signing, real-time dashboard, demo mode
- Complete integration: End-to-end flow from approval detection to auto-revocation in <1 second
REAL-WORLD IMPACT:
This solves a $1.7B/year problem with truly autonomous protection. Users set it up once and never worry about malicious approvals again. No manual monitoring, no constant vigilance—just intelligent, automatic protection powered by AI and MetaMask's delegation framework.
ShieldAI brings enterprise-grade security to everyday Web3 users through an intuitive, set-and-forget interface. Unlike technical tools that require constant monitoring, ShieldAI works automatically—login once, grant delegation, and you're protected forever. With beautiful onboarding, real-time visual feedback, and zero ongoing effort, it makes Web3 safe for mass adoption.
The app solves a $1.7B/year problem (malicious token approvals) that affects EVERY crypto user, from beginners to experts. By combining AI-powered threat detection with MetaMask's delegation framework, we've created the first truly autonomous consumer security product.
Perfect for: Anyone using DeFi, NFT collectors, crypto beginners, power users—everyone who approves tokens needs ShieldAI.
⚠️ DISCLAIMER: This project uses MetaMask Hybrid Smart Accounts on Monad Testnet. Smart accounts are experimental technology. This is a proof-of-concept demo built for educational and hackathon purposes. Always exercise caution with real funds.
**🔗 Smart Contracts (Solidity + Foundry)** * Deployed **UserRegistry** on Monad Testnet for tracking protected accounts * Added `register/unregister` with event emission for indexing * Built **malicious test contract** and **test ERC20 (USDC)** for AI analysis * Verified all contracts on Monad Explorer **📊 Envio HyperIndex Integration** * Configured **indexer** for `Approval` event tracking * Connected **Effect API webhook** for real-time alerts * Added event handlers + GraphQL schema for frontend queries/subscriptions * Deployed indexer to Envio Cloud **⚙️ Backend (Node.js + Express + PostgreSQL)** * Built REST API + `/api/webhook/approval` endpoint for Envio events * Added **AI threat detection** with GPT-4 + bytecode analysis * Implemented **delegation redemption** via MetaMask Delegation Toolkit * Integrated **viem** for blockchain ops and stored data in PostgreSQL * Deployed to **Railway** **🤖 AI Threat Detection** * Used **GPT-4** for bytecode analysis and malicious pattern detection * Detected transferFrom, backdoors, honeypots, owner privileges, etc. * Implemented **risk scoring (0–100)** and fallback handling * Fetched bytecode via **viem publicClient** **🎨 Frontend (Next.js + TailwindCSS)** * Built landing page + 4-step onboarding (education → registration) * Created real-time **approval dashboard** with GraphQL subscriptions * Added **Privy auth**, **Delegation Toolkit**, and **ERC-4337 gasless txs** * Demo mode: unlimited & malicious approval tests * Deployed to **Netlify** **🔐 MetaMask Integration** * Implemented **Hybrid Smart Accounts** + granular delegations * Added `makeUnlimitedApproval` & `makeLimitedApproval` functions * Enabled **auto-revocation** via backend * Integrated **ERC-4337 bundler** for gasless UX **📱 UX Enhancements** * Fully responsive design, gradients, animations, and tooltips * Real-time updates, loading states, and instant feedback * 🔥 **Revoked approvals** highlighted visually **🧪 Testing & Deployment** * Full end-to-end testing: approval → AI analysis → auto-revoke * Deployed contracts, backend, and frontend (Monad + Envio + Railway + Netlify) * Achieved **sub-second response times** for threat detection