Dashboard
Risk Distribution
Live Vendor Monitor
| ID | Name | Verification | Criticality | Score | Actions |
|---|---|---|---|---|---|
| No vendors found. | | | | | |
Real-time alerts triggered by intelligent risk evaluation.
Immutable ledger of all vendor state changes and system events.
| # | Timestamp | Vendor | Action | Details |
|---|---|---|---|---|
Vendor Logins
Manage authentication credentials and user accounts.
| Username | Password | Name | Role | Linked ID | Actions |
|---|---|---|---|---|---|
How CRAG Works
Understanding the Cognitive Resilience and Automated Governance framework
How It Was Developed
CRAG was developed as a Phase-1 prototype to validate continuous, automated third-party vendor risk monitoring. The system uses a FastAPI + SQLAlchemy backend with SQLite for data persistence, and a vanilla HTML/CSS/JS frontend with Chart.js for visualization.
The risk engine employs a weighted random-walk algorithm with mean-reversion to simulate realistic AI-driven risk scoring every 10 seconds. This approach validates the CRAG concept before integrating real ML models in Phase-2.
How to Use
1. Onboard Vendors: Go to the Vendors page, fill in vendor name, category, criticality, and status, then click "+ Add Vendor".
2. Monitor Dashboard: The Dashboard shows live risk scores, KPI cards, and a doughnut chart updated every 5 seconds.
3. View Details: Click any vendor card or table row to open a detailed popup with risk gauge, analysis, alerts, and audit trail.
4. Check Alerts: The Alerts page shows all high-risk events (score > 70) with timestamps.
5. Review Audit Log: Every action is recorded in the append-only audit trail for governance compliance.
Architecture
Roadmap
Vendor onboarding, risk simulation, dashboard, alerts, audit log
Trained ML models, NLP-based threat intelligence, advanced analytics
Immutable audit trail, smart contract governance, multi-org federation
About CRAG
Cognitive Resilience and Automated Governance
Our Mission
CRAG (Cognitive Resilience and Automated Governance) is a research-driven initiative to transform how organizations manage third-party vendor cybersecurity risk. Traditional TPRM processes are periodic, manual, and reactive; CRAG makes them continuous, automated, and intelligence-driven.
Our system continuously monitors vendor risk posture using AI-powered scoring engines, providing real-time dashboards, automated alerting, and tamper-resistant audit trails, enabling proactive risk governance instead of after-the-fact compliance checks.
Vision
To create an industry-standard framework for automated third-party risk monitoring that combines artificial intelligence, real-time analytics, and blockchain-backed governance for complete supply chain cyber resilience.
Innovation
CRAG bridges the gap between traditional periodic assessments and the need for continuous intelligence. By simulating vendor risk dynamics in real-time, security teams gain predictive visibility into their vendor ecosystem.
Key Capabilities
- Centralized vendor registry with dynamic categorization
- Continuous AI-simulated risk scoring (0–100 scale)
- Real-time executive dashboard with live analytics
- Automated high-risk alerting and notification
- Append-only audit trail for regulatory compliance
Impact Metrics
Contact Us
Get in touch with the CRAG team
Send a Message
Contact Information
crag.monitor@gmail.com
crag-monitor.web.app
Hyderabad, India
Within 24 hours
Terms & Privacy Policy
Legal information and data handling practices
Terms of Service
1. Acceptance of Terms
By accessing the CRAG Vendor Risk Monitoring System, you agree to be bound by these terms. This prototype is provided for educational and research purposes as part of the CRAG framework validation.
2. Use of Service
CRAG is a Phase-1 prototype designed for vendor risk monitoring demonstration. The risk scores generated are simulations and should not be used as the sole basis for business decisions. The system is intended for proof-of-concept validation only.
3. Data Handling
All vendor data is stored locally in a SQLite database. No data is transmitted to external servers. The audit log provides a complete, append-only trail of all system operations for transparency.
4. Intellectual Property
The CRAG framework, its architecture, and associated documentation are proprietary. The system is developed as part of an academic research project.
Privacy Policy
Data Collection
CRAG collects only the vendor information you explicitly provide through the onboarding form. This includes vendor name, category, criticality level, and operational status. No personal user data is collected.
Data Storage
All data is stored locally on your machine in a SQLite database file (vendors.db). No cloud services or external databases are used. You maintain full control over your data.
Data Retention
Data persists in the local database until manually deleted. The audit log is designed as an append-only ledger and is not intended for deletion, aligning with the CRAG governance framework.
Third-Party Sharing
CRAG does not share any data with third parties. The system operates entirely on localhost with no external API calls or data transmissions.
Developer
Meet the mind behind CRAG
P Ganesh Krishna Reddy
Full-Stack Developer & Cybersecurity Researcher
Passionate about building intelligent systems at the intersection of cybersecurity and AI. The CRAG prototype is part of ongoing research into automated third-party risk management and governance frameworks.
Development Phases
- Phase 1: Prototype - AI risk simulation & live dashboards (Current).
- Phase 2: MVP - Data integrations, multi-tenancy & reporting.
- Phase 3: Enterprise - Blockchain auditing & predictive analytics.
Risk Scoring Logic
- Baseline: Derived from Criticality & Category weights.
- Dynamic: Real-time recalculation using AI-simulated walks.
- Thresholds: Automated alerts when risk > 70 (Critical).
CRAG System Architecture
End-to-end architecture of the AI-driven vendor risk monitoring platform
HTML5 / CSS3 / JS
Chart.js Visualization
Authentication Routes
Vendor Management API
Alerts & Audit API
Weighted Risk Algorithm
APScheduler (10s cycle)
Vendor Monitoring Logic
Vendor Registry
Append-Only Audit Logs
Alerts Storage
Security Layer
- Firebase Authentication
- Role-Based Access Control
- Secure REST APIs
- Immutable Audit Trail
Technology Stack
Backend: Python FastAPI
Scheduler: APScheduler
Database: SQLite
Authentication: Firebase Auth
System Metrics
Data Flow Explanation
Vendor data is submitted through the dashboard interface. The FastAPI backend processes the request and stores vendor information in the database. A scheduled risk simulation engine periodically evaluates vendor risk scores and updates the dashboard while generating alerts and append-only audit logs.
"CRAG implements a layered architecture enabling continuous vendor risk monitoring through automated scoring, real-time alerting, and secure audit logging."
Implementation & Progress
A comprehensive look at our development journey and future roadmap
What We Have Developed
We have successfully built a real-time third-party vendor risk monitoring platform (Phase 1 Prototype). Our implementation includes a Centralized Vendor Registry for seamless onboarding, a Dynamic Live Dashboard for risk visibility, and a robust Role-Based Access Control system that isolates Vendor views from System Administrator visibility. We also implemented an Append-Only Audit Log to track all major events and ensure governance compliance over time.
Why This App & Tools?
The Problem: Traditional vendor risk assessments are sluggish, relying on point-in-time spreadsheets that leave organizations blind to sudden security threats.
Our Choice of Tools: We selected an AI-driven approach powered by FastAPI / Node and Firebase because they provide unparalleled speed, real-time data synchronization, and scalability. The frontend utilizes Glassmorphism UI and Chart.js to ensure that complex risk data is easily digestible and beautiful for stakeholders.
How the Risk Score is Calculated
Currently, the risk engine calculates scores using a Weighted Random-Walk Simulation combined with mean-reversion algorithms. Every 10-15 seconds, the engine factors in the vendor's Criticality Weight and applies a stochastic anomaly drift. If a score crosses the threshold of 70, it automatically triggers a High-Risk Alert and executes an immutable log entry.
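The scoring loop described above, as an added example (not CRAG's own code): a mean-reverting random walk that writes an alert row each time the score crosses above 70, into a SQLite table made append-only with triggers. The baseline weights, walk parameters, and the table and column names are assumptions, not values from the page.

```python
import random
import sqlite3

ALERT_THRESHOLD = 70  # from the page: alert when score > 70
# Assumed values (not from the page): baseline per criticality, walk parameters.
BASELINE = {"Low": 25.0, "Medium": 40.0, "High": 55.0, "Critical": 65.0}
REVERSION = 0.2   # fraction of the gap to baseline closed each tick
VOLATILITY = 6.0  # standard deviation of the random shock

def next_score(score, criticality, rng):
    """One tick of a mean-reverting random walk, clamped to 0-100."""
    target = BASELINE[criticality]
    shock = rng.gauss(0.0, VOLATILITY)
    return max(0.0, min(100.0, score + REVERSION * (target - score) + shock))

def open_ledger():
    """In-memory SQLite audit table whose rows cannot be updated or deleted."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE audit_log (
            id INTEGER PRIMARY KEY AUTOINCREMENT,
            ts TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
            vendor TEXT NOT NULL, action TEXT NOT NULL, details TEXT);
        CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_log
        BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
        CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_log
        BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
    """)
    return db

def simulate(db, vendor, criticality, ticks, seed=1):
    """Run the walk; log one alert row each time the score rises above 70."""
    rng = random.Random(seed)
    score, alerts, was_high = BASELINE[criticality], 0, False
    for _ in range(ticks):
        score = next_score(score, criticality, rng)
        is_high = score > ALERT_THRESHOLD
        if is_high and not was_high:  # edge-triggered: only on the crossing
            db.execute("INSERT INTO audit_log (vendor, action, details) VALUES (?,?,?)",
                       (vendor, "HIGH_RISK_ALERT", f"score={score:.1f}"))
            alerts += 1
        was_high = is_high
    db.commit()
    return score, alerts

if __name__ == "__main__":
    db = open_ledger()
    print(simulate(db, "Acme Hosting (constructed)", "Critical", 200))
    print(db.execute("SELECT COUNT(*) FROM audit_log").fetchone()[0], "ledger rows")
```

The triggers block UPDATE and DELETE issued through SQL, but anyone who can drop the triggers or edit the database file can still alter history, so they do not by themselves make the log tamper-proof.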
What We Will Add in the Future
In Phases 2 and 3, CRAG will evolve from simulated risk scoring to incorporating Live OSINT external threat intelligence feeds via REST APIs. We will integrate powerful Machine Learning models for predictive breach forecasting and Natural Language Processing to scan security policies. Finally, we plan to implement a Blockchain-Backed Ledger to make our compliance auditing fully distributed and cryptographically secure.