Inspiration
CaveBuddy was inspired by two problems we kept seeing in everyday email use: people are constantly exposed to phishing, scam emails, and risky attachments, while at the same time many AI tools ask users to send sensitive data to external servers. Email is one of the most important and vulnerable workspaces, but most security tools still feel invisible, intimidating, or disconnected from how people actually work.
The hackathon theme, Futuristic Cavemen, pushed us to think in a more creative direction. Instead of building a generic security assistant, we imagined a caveman AI guide living inside Gmail, helping users survive the modern “wild internet.” From that idea, we added the dinosaur egg and evolving pet companion. The caveman is the main assistant, and as the user interacts more, they unlock a dinosaur egg that eventually hatches into a pet. That progression makes security and productivity feel more personal, interactive, and fun.
We were also strongly motivated by privacy. Since emails often contain personal, professional, and financial information, we wanted CaveBuddy to be privacy-preserving by design. That is why we chose to use a local LLM through Ollama, so the system can provide AI assistance without relying on cloud-based processing for core tasks.
What it does
CaveBuddy is a privacy-preserving Chrome extension for Gmail that combines cybersecurity, productivity, and an interactive companion experience.
Its security features include detecting phishing and scam emails, assigning a 0–100 scam risk score, showing detailed red-flag explanations, pre-scanning inbox emails before users open them, flagging risky attachments such as executables, macro-enabled files, and suspicious double extensions, and exporting formatted scam reports for reporting or sharing.
Its productivity features include one-click email summarization, automatic summaries for long emails, draft improvement and reply generation, writing from prompts with tone control, to-do extraction with priorities and deadlines, meeting detection and one-click Google Calendar event creation, alerts before meetings or deadlines, translation of incoming foreign-language emails, translation of outgoing replies back into the sender’s language, and generation of tables, mind maps, flowcharts, and SVG illustrations from email content.
Its companion layer includes a main caveman AI assistant, three animated characters including dinosaur and caveman-themed options, a progression system where user interaction unlocks a dinosaur egg, the egg eventually hatches into a dinosaur pet companion, and encouragement messages, animated reactions, and visual feedback tied to inbox activity.
The result is a Gmail assistant that does not just warn users about threats, but also helps them work faster and feel more engaged.
How we built it
We built CaveBuddy as a Chrome extension that integrates directly into Gmail’s interface. The extension injects UI elements into the inbox and email views, allowing us to show scam risk badges, warning icons, summaries, side panels, and the animated assistant without forcing users to leave Gmail.
At a high level, the system works like this:
Gmail Content → Extension Layer → Local LLM / Analysis Modules → Security + Productivity Actions The main components are:
Chrome Extension Layer
This handles Gmail UI integration, inbox row risk badges, attachment warning indicators, side panel tools, pet animations and bubbles, and user interactions such as summarizing, drafting, translating, and checking scam risk.
Local AI Layer
We used a local LLM through Ollama to support the privacy-preserving design. Instead of sending private inbox data to external cloud APIs, core analysis happens locally. This allows us to keep sensitive email content on-device while still providing AI-powered features like summarization, writing help, translation, and structured extraction.
Security Layer
For scam detection, we analyze email content for phishing indicators such as urgency language, suspicious requests, credential or payment prompts, sender inconsistencies, risky attachment patterns, and other red flags commonly found in scam emails. We then convert those signals into a risk score and a breakdown that users can actually understand.
Productivity Layer
On top of the same email content, we built modules for summarization, to-do extraction, meeting detection, translation, writing assistance, and structured content generation.
Character and Progression System
We also built the companion experience into the extension. The caveman acts as the main assistant, while the dinosaur egg and pet create a progression loop tied to interaction. Conceptually, we thought about it as: More Helpful Interactions → More User Engagement → Egg Unlock → Pet Evolution That made the assistant feel less like a static tool and more like an evolving relationship.
Challenges we ran into
One of the biggest challenges was scope. CaveBuddy combines phishing detection, attachment scanning, summarization, writing help, translation, to-do extraction, meeting reminders, visual generation, and animated character interactions. Each of these could be a project by itself, so we had to keep narrowing our focus to make sure the core experience stayed strong.
Another challenge was working inside Gmail. Gmail is a dynamic interface, so building a Chrome extension that feels integrated rather than fragile takes careful UI handling. We had to make sure our badges, panels, warnings, and companion elements appeared in the right places without disrupting the existing workflow.
The local model decision was also both a strength and a challenge. Running a model locally is great for privacy, but it introduces constraints around performance, model size, response speed, and hardware capability. We had to think carefully about how to make a local-first system still feel responsive enough to be useful.
We also faced the classic security tradeoff between false positives and false negatives. If CaveBuddy warns too often, users may ignore it. If it is too conservative, it could miss real scams. That balance is central to scam detection, and even in a hackathon setting it shaped how we thought about the experience.
Finally, we had to balance playfulness with credibility. The caveman and dinosaur theme makes the product memorable, but we still wanted it to feel like a real cybersecurity tool rather than just a cute overlay. That meant keeping the security and privacy story clear throughout the project.
Accomplishments that we're proud of
We are proud that CaveBuddy is not just a concept, but a cohesive system that combines multiple ideas into one experience.
Some accomplishments we are especially proud of include building a Chrome extension directly inside Gmail, designing CaveBuddy as a privacy-preserving, local-first assistant, using a local LLM through Ollama instead of defaulting to cloud processing, combining cybersecurity and productivity instead of treating them as separate tools, creating inbox pre-scanning so users can identify risky emails before opening them, adding attachment risk indicators directly into the inbox workflow, making the assistant feel alive through animation, encouragement, and reactions, and designing a progression mechanic where interaction unlocks a dinosaur egg and later a pet companion.
We are also proud of the overall product identity. CaveBuddy does not feel like a generic email assistant. It has a clear theme, a clear privacy angle, and a clear use case.
What we learned
One of the biggest things we learned is that security tools need good UX. Even the best detection logic does not matter much if users do not notice warnings, understand them, or trust them. Presenting security information clearly is as important as generating it.
We also learned that privacy can be a core product decision, not just a technical detail. Choosing a local model changed not only how the system worked, but also what it stood for. In a space where many assistants rely on cloud APIs by default, local AI gave CaveBuddy a stronger identity.
Another lesson was that users do not want separate tools for every task. It is much more powerful when one assistant can move naturally from scam detection to summary to task extraction to writing help. That integration made CaveBuddy feel more useful in real workflows.
We also learned that adding an emotional or game-like layer can improve engagement when it is tied to real utility. The dinosaur egg and pet are not there just for decoration; they encourage continued interaction and make the experience more memorable.
What's next for CaveBuddy
The next step for CaveBuddy is to make it more robust, more personalized, and more deeply integrated into user workflows.
Some future directions we are excited about include improving the phishing/scam detection model with better email datasets and stronger classification pipelines, expanding attachment analysis beyond simple risk flags into deeper document understanding, making the task extraction system more reliable and allowing export to external productivity tools, extending the meeting assistant into smarter calendar planning and agenda generation, improving multilingual support and translation quality, adding stronger personalization for user preferences, trusted senders, and communication styles, evolving the caveman and dinosaur companion system with more progression, reactions, and unlockable states, and exploring broader Google Workspace integration beyond Gmail.
Most importantly, we want to continue developing CaveBuddy as a local-first, privacy-preserving assistant that proves AI help inside email does not need to come at the cost of user privacy.
In short, what is next for CaveBuddy is simple: make inbox security smarter, make productivity smoother, and keep the experience human.
Log in or sign up for Devpost to join the conversation.