--- title: SHADOW Kenyan Fraud Intelligence emoji: πŸ›‘οΈ colorFrom: red colorTo: gray sdk: streamlit sdk_version: 1.35.0 app_file: app.py pinned: false --- # SHADOW β€” Kenyan Fraud Intelligence System > AMD Developer Hackathon 2026 Β· Agentic AI Track ## Project Overview Shadow is an advanced OSINT + LLM Hybrid Agentic Pipeline designed specifically to detect, analyze, and neutralize Kenyan-specific mobile fraud vectors. The system mitigates the impact of localized scams such as M-Pesa reversal fraud, Fuliza exploitation, KRA impersonation, and betting-related phishing. Shadow solves the "Data Cold Start" problem by employing a hybrid architecture: it merges deterministic Open Source Intelligence (OSINT) with an explainable, multi-agent Large Language Model (LLM) pipeline. This ensures highly accurate classification, context-aware reasoning, and actionable mitigation strategies tailored to the Kenyan demographic, including support for English, Swahili, and Sheng dialects. ## Architecture Diagram ```text [ Incoming SMS / Message ] β”‚ β–Ό β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ OSINT Intelligence Layerβ”‚ β”‚ (core/osint_dataset.py) β”‚ β”‚ - Deterministic Check β”‚ β”‚ - Keyword Matching β”‚ β”‚ - Scam Taxonomy Mapping β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β–Ό β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ Agent Pipeline Engine β”‚ β”‚ (agents/pipeline.py) β”‚ β”‚ β”‚ β”‚ 1. Language Agent β”‚ β”‚ 2. Threat Agent β”‚ β”‚ 3. Risk Agent β”‚ β”‚ 4. Action Agent β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β–Ό β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ AMD vLLM / Qwen Bridge β”‚ β”‚ (core/llm_client.py) β”‚ β”‚ - Context Injection β”‚ β”‚ - Reasoning Engine β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β”‚ β–Ό [ Explainable JSON Output & Execution Log ] β”‚ β–Ό β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”‚ Streamlit Live Dashboardβ”‚ β”‚ (app/main.py) β”‚ β”‚ - Real-time Analysis UI β”‚ β”‚ - Execution Timeline β”‚ β”‚ - Risk Scoring Display β”‚ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ ``` ## Agent Pipeline Flow 1. **OSINT Pre-Analysis (Hybrid Intelligence Mode)**: Messages are instantly matched against known Kenyan scam topologies to provide a deterministic baseline. 2. **Language Agent**: Detects the dialect (English, Swahili, Sheng) and standardizes the context for subsequent analysis. 3. **Threat Agent**: Analyzes the intent of the message based on localized threat vectors. 4. **Risk Agent**: Computes a continuous risk score (0-100) and categorizes severity. 5. **Action Agent**: Determines the recommended user action (e.g., Block, Report to Safaricom, Ignore). ## Features - **Kenyan Fraud Detection**: Specialized in detecting hyper-local scams (e.g., M-Pesa, Fuliza, KRA, Hustler Fund). - **Sheng + Swahili Language Detection**: Seamlessly processes colloquialisms and mixed-language SMS typical in East Africa. - **OSINT-Driven Classification**: Fuses known deterministic scam indicators with probabilistic AI reasoning. - **Explainable AI Logs (`execution_log`)**: Glass-box observability that documents the exact reasoning step-by-step for full transparency. - **Streamlit Live Dashboard**: Interactive real-time web UI for threat analysis and execution timeline visualization. - **AMD Hardware Optimized**: Built to run on the AMD Developer Cloud utilizing vLLM and Qwen models, with a robust fallback mock mode for deterministic demos. ## Quick Start ```bash pip install -r requirements.txt streamlit run app/main.py ``` ## How to Run ### 1. Install Dependencies ```bash pip install -r requirements.txt ``` ### 2. Configure Environment ```bash # Copy the example environment file and add your AMD Cloud API key (optional β€” mock mode works without it) cp .env.example .env ``` ### 3. Launch the Streamlit Dashboard (Primary Interface) ```bash streamlit run app/main.py ``` The dashboard runs at `http://localhost:8501` and provides a full interactive UI for submitting messages, viewing risk scores, agent reasoning, and the step-by-step execution timeline. ### 4. Run Pipeline Smoke Tests (CLI) ```bash python scripts/test_pipeline.py ``` ## Future Work - **AMD MI300X Deployment**: Fully scale the vLLM integration on AMD MI300X infrastructure for enterprise-grade throughput. - **WhatsApp Bot Integration**: Directly parse user-forwarded messages for instant fraud scoring.