My team and I built Tarkist.us to solve a problem we kept seeing: evaluating the security of third-party software takes forever. Companies need to assess vendors before buying their products, but the manual process is painfully slow.
The platform uses a multi-agent AI system with nine specialized agents. Each one handles a specific part of the assessment: finding CVEs, checking compliance, analyzing incidents, calculating trust scores, and more. The key is keeping each agent narrowly focused to avoid hallucinations.
The backend runs on FastAPI with an async architecture. Agents work in parallel where possible, and everything is coordinated through an orchestrator service. I'm using SQLite with Alembic for persistence, deployed via Coolify.
For CVE data, I pull from official APIs (NVD, CISA KEV, CVE.org) rather than having AI scrape the web. The LLMs just analyze the structured data, which keeps things accurate.
The whole system follows strict anti-hallucination principles: every fact needs a source link, agents return "not found" rather than guessing, and claims are clearly labeled as vendor-stated, independent, or certified third-party.
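A minimal gate that enforces the three rules above on agent output before it reaches a report. This is an added example, not Tarkist.us code; the `Claim` fields, agent names, the http(s) requirement and the sample claims are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional
from urllib.parse import urlparse

class Provenance(Enum):
    VENDOR_STATED = "vendor-stated"
    INDEPENDENT = "independent"
    CERTIFIED_THIRD_PARTY = "certified third-party"

LABELS = {p.value for p in Provenance}
NOT_FOUND = "not found"  # sentinel an agent returns instead of guessing

@dataclass(frozen=True)
class Claim:  # hypothetical shape of one agent finding
    agent: str
    statement: str
    source_url: Optional[str] = None
    provenance: Optional[str] = None

def validate_claim(claim):
    """Return the list of rule violations; an empty list means accept."""
    if claim.statement.strip().lower() == NOT_FOUND:
        return []  # an explicit "not found" asserts nothing, so needs no source
    problems = []
    url = urlparse(claim.source_url or "")
    if url.scheme not in ("http", "https") or not url.netloc:
        problems.append("missing or invalid source link")
    if claim.provenance not in LABELS:
        problems.append("missing or unknown provenance label")
    return problems

def filter_report(claims):
    """Split claims into (accepted, rejected); each entry is (claim, problems)."""
    accepted, rejected = [], []
    for claim in claims:
        problems = validate_claim(claim)
        (rejected if problems else accepted).append((claim, problems))
    return accepted, rejected

# Constructed sample output from four hypothetical agents.
SAMPLE_CLAIMS = [
    Claim("cve", "3 entries listed in CISA KEV", "https://example.invalid/kev", "independent"),
    Claim("compliance", "SOC 2 Type II certified", None, "vendor-stated"),
    Claim("incidents", "Not found"),
    Claim("trust", "No breaches on record", "https://example.invalid/x", "probably true"),
]

if __name__ == "__main__":
    for claim, problems in filter_report(SAMPLE_CLAIMS)[1]:
        print(f"rejected [{claim.agent}] {claim.statement!r}: {', '.join(problems)}")
```

Rejected claims are dropped or sent back to the agent rather than rendered, so an unsourced statement cannot appear in the final assessment.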
We (a friend and I) created this in 2 days at the Junction 2025 hackathon. The goal was to make security assessment actually fast enough to be useful.