KOKOSde / identity-risk-engine

Public

Open-source session-level identity risk scoring for fintech

100% credibility

Found Mar 27, 2026 at 19 stars -- GitGems finds repos before they trend. Get early access to the next one.

AI Analysis

Python

AI Summary

Open-source toolkit for analyzing authentication events to compute risk scores and decide on actions like allow, challenge, or block based on device, location, and behavior signals.

How It Works

🔍 Discover login protector

You hear about a free tool that spots fake logins and bad actors trying to break into accounts.

📥 Bring it home

Download and set up the tool on your computer in a few minutes.

🧪 Make test logins

Create pretend login events, some normal and some sneaky attacks, to practice with.

🔍 Spot the risks

Run the checker on your test logins and get instant risk scores for each one.

📊 Review the report

Open a simple report showing safe logins allowed, risky ones blocked or challenged, with explanations.

⚙️ Set your rules

Adjust the safety levels, like when to ask for extra proof or block completely.

✅ Logins are safe

Your app now protects real users from takeovers, bots, and fraud with smart decisions.

Sign up to see the full architecture

5 more

Star Growth

See how this repo grew from 19 to 19 stars Sign Up Free

Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose

AI-Generated Review

What is identity-risk-engine?

This open-source Python identity risk engine scores auth events at session-level for fintech and crypto apps, fusing signals like device fingerprints, geo-velocity, behavior anomalies, passkey usage, and recovery flows to detect suspicious logins before transactions. It outputs risk scores, policy-driven actions (allow, step-up, block), and human-readable explanations, solving the pain of rebuilding isolated fraud detectors. Pip-installable with CLI tools to simulate data, score CSVs, generate reports, and a FastAPI endpoint for real-time integration.

Why is it gaining traction?

Unlike single-signal github open source tools, it bundles multi-signal fusion, configurable policies, and synthetic attack benchmarking (AUROC 0.99 on mixed threats) into a local-first kit—no cloud dependency. Developers hook it fast via CLI quickstarts or Python APIs, with FastAPI demos for production auth flows. As a self-hosted open source github alternative to enterprise risk platforms, it ships benchmarks proving near-perfect attack separation.

Who should use this?

Fintech engineers building login guards for banks or wallets, crypto exchange teams blocking ATOs during airdrops, and fraud analysts prototyping step-up auth. Ideal for identity teams evaluating session-level risk without vendor lock-in, especially those handling passkey/MFA fatigue or recovery abuse.

Verdict

Grab it for proofs-of-concept or internal tools—MIT-licensed, 36 passing tests, solid README with case studies—but at 19 stars and 1.0% credibility, treat as early alpha. Polish docs and add real-world contribs to hit escape velocity.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.

Stars

Forks

Followers

Base stars: 19 stars

Bonus: AI verified quality (100%)

Account age: 743 days

Repo age: 7 days

License: MIT

Updated: Mar 27, 2026