Isaak Karipidis
Security Systems Architect · Agentic AI Systems
I build internal security platforms and agentic systems for security operations — cloud and endpoint visibility, finding triage, evidence retrieval, and remediation workflows. Currently Manager of Security Operations at a US-HQ SaaS company, where I architect and operate the systems linked below.
Case studies
Long-form technical case studies. Where a CV says what I built, these cover how — architecture, design tradeoffs, and security model. Patterns and aggregate impact only; no production internals, queries, or configuration.
- Eleanor-AI
  Live · Slack + Discord agent system that runs security questions, reporting tasks, and evidence workflows over structured operational data (Postgres, AWS, EDR via MCP). Hardened ephemeral Docker execution per orchestrator (read-only rootfs, dropped caps, custom seccomp); proxy credential pattern keeps real AWS/Bedrock/OpenRouter/MCP credentials out of agent containers; six-network segmentation with five internal networks. Persistent conversation/session resume, full audit trail, encrypted per-MCP credentials. Q1 2026: 145 queries, $151.64 total AI cost, ~1,862 analyst-hours equivalent.
- SecOps-Platform
  Live · Internal security data foundation. PostgreSQL-backed source of truth that ingests AWS (EC2, RDS, S3, Route53, GuardDuty, Inspector incl. ECR, ELB, CloudFront), CrowdStrike sensor inventory, AWS VPC topology (SGs, NACLs, route tables, ENIs), and Cloudflare DNS into snapshot-versioned tables. Every cycle re-reconciles EC2 against Falcon, tagging each Falcon host as live-in-current-snapshot or stale — CrowdStrike retains records of long-dead hosts, so without this step, coverage, missing-sensor, and sensor-version queries return wrong answers. BFS attack-path traversal per snapshot; SQL views + REST API + CLI feeding infrastructure, security, patching, and WARP dashboards. APScheduler + RQ jobs run under a non-MFA read-only collection role (Okta OIDC fallback for elevated multi-region sessions). RDS PII sanitizer, S3-backed snapshot backup/restore.
- LLM-Daily-Summary
  Live · Automated finding triage pipeline. Pulls findings from the SecOps-Platform via MCP, fans out per-finding Docker containers in parallel, routes analysis through a Claude-via-Bedrock subagent, and lands one Jira ticket per finding (markdown→ADF via a dedicated converter service). Structured-logging stack with a verifiable HMAC-SHA256 audit chain (each event links the previous; tamper detection via chain replay), regex-based PII and secret redaction across 13+ categories, and a custom circuit breaker fronting Slack and Jira with file-fallback when open. 2,259 findings processed since Aug 2025 into Jira-backed remediation workflows.
- Multi-Agent / MCP-Style Platform
  Live · General agent orchestration platform — not a library. MCP-first tool architecture, persistent streaming that survives reconnects, per-user encrypted credentials, two orchestration modes (delegation and synthesis), LLM self-correction on tool errors.
- RAG-Anything (fork)
  Live · Production service layer on top of HKUDS/RAG-Anything (fork). Multi-tenant FastAPI wrapper that orchestrates document ingestion and unified naive / local / global / hybrid / mix retrieval over Qdrant (vectors), Neo4j (knowledge graph), and MinIO (raw documents) with ARQ/Redis driving async processing. Tenant + KB isolation via header-injected scoping, path-prefixed object storage, and per-collection workspaces. AWS Bedrock provider added for LLM, vision, and embeddings (Claude, Nova, Titan, Cohere) alongside OpenRouter and Voyage. MCP server exposes seven retrieval tools for agentic clients including Eleanor. Per-token cost tracking across 40+ models. Optimisations made in fork (content-hash deduplication, repeated-content noise filter, text-file PDF-roundtrip skip; PRs against upstream planned, not yet submitted).
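The HMAC-SHA256 audit chain mentioned under LLM-Daily-Summary (each event links the previous; tamper detection via chain replay) can be sketched as follows. This is an added example, not code from the project: the record layout, the `GENESIS` value, the function names and the out-of-band `expected_head` check are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed link value for the first record


def _mac(key: bytes, prev: str, seq: int, event) -> str:
    # Canonical JSON so the same record always serialises to the same bytes.
    body = json.dumps({"seq": seq, "prev": prev, "event": event},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def append(chain: list, key: bytes, event: dict) -> dict:
    """Append an event whose MAC covers the previous record's MAC."""
    prev = chain[-1]["mac"] if chain else GENESIS
    seq = len(chain)
    record = {"seq": seq, "prev": prev, "event": event,
              "mac": _mac(key, prev, seq, event)}
    chain.append(record)
    return record


def replay(chain: list, key: bytes, expected_head=None):
    """Recompute every link; return (ok, index of first bad record or None)."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        # A deleted, reordered or spliced record breaks seq or the prev link.
        if rec.get("seq") != i or rec.get("prev") != prev:
            return False, i
        want = _mac(key, prev, i, rec.get("event"))
        if not hmac.compare_digest(want, str(rec.get("mac"))):
            return False, i  # edited content, or MAC made with another key
        prev = rec["mac"]
    # Dropping the tail leaves a valid prefix, so truncation is only caught
    # by comparing against a head MAC stored outside the log (assumption).
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return False, len(chain)
    return True, None


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    log = []
    for ev in ({"action": "finding_fetched", "id": "F-1"},   # constructed events
               {"action": "ticket_created", "id": "F-1"}):
        append(log, key, ev)
    log[0]["event"]["id"] = "F-9"  # simulate an in-place edit
    print(replay(log, key))
```

Replay without `expected_head` cannot detect removal of the most recent records, which is why the sketch accepts a head value kept somewhere the log writer cannot modify.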