Inspiration

It started with a phone call. A family member called in tears—they had clicked a link in an email claiming their bank account was "compromised." The email looked perfect. The domain was bankofamerica-secure.net—close enough to fool anyone in a moment of panic. By the time they realized it was a scam, the damage was done.

That's when we realized: the problem isn't awareness—it's timing. People know phishing exists. But in that split second before clicking, fear and urgency override logic. We asked ourselves: What if AI could pause that moment, analyze the threat, and guide users before they act?

That question became Click Safe—an AI guardian that protects people at the moment of decision.

What it does

Click Safe is an AI-powered security companion that stands guard before you click.

When you receive a suspicious email, message, or link, Click Safe steps in. Powered by Google Gemini 3, it instantly:

  • Analyzes the sender, content, links, and attachments
  • Calculates a risk score from 0-100 with confidence levels
  • Delivers a clear verdict: ALLOW, WARN, or BLOCK
  • Explains why in plain language with actionable suggestions

For this prototype, we built two simulation environments:

  • Email App – Simulates an inbox where users interact with sample emails and see Click Safe intercept threats in real-time
  • Chat Interface – Demonstrates protection in messaging contexts with suspicious links and attachments

The core Guardian AI is platform-agnostic—designed to integrate seamlessly into email clients, messaging apps, browsers, or enterprise systems.

How we built it

We started with one principle: protection should be invisible until needed.

Gemini 3: The Brain Behind Click Safe

Gemini 3 Flash powers our threat analysis. Here's how we leveraged its capabilities:

Speed: Gemini 3 Flash delivers low-latency responses, achieving sub-2-second analysis even for complex messages with multiple links and attachments.

Structured Output: We designed prompts that return consistent JSON with decision, risk_score, confidence, risk_factors, reasoning, and suggestions—integrating directly into our frontend without complex parsing.

Temperature Control: We set temperature: 0.1 for deterministic, reliable threat classification. Security can't afford hallucinations—the same phishing email must always be flagged.

Contextual Reasoning: Gemini 3's advanced understanding detects subtle threats—typosquatting domains like bankofamerica-secure.net, urgency manipulation, and social engineering patterns that rule-based systems miss.

Efficient Tokens: With max_output_tokens: 400, we get concise assessments without wasting API quota.

Technical Architecture

Backend: FastAPI (Python) using the official google-genai SDK to communicate with Gemini.

Frontend: React + Vite with Material Design 3. We built EmailApp and ChatApp simulation components with a GuardianInterceptor modal that elegantly presents risk assessments.

Resilience: Intelligent model fallback—if Gemini 3 Flash hits rate limits, Click Safe automatically switches to Gemma 3 27B. Multiple API keys rotate to ensure 99%+ uptime.

Deployment: Render (backend) + Vercel (frontend) for free, scalable hosting.

Challenges we ran into

The JSON Parsing Problem: Even with structured output instructions, Gemini occasionally wrapped responses in markdown code blocks. Our first demo crashed. We built a robust multi-pattern regex extractor that gracefully handles all response formats.
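
The extraction step described above, together with the six-field JSON contract from the Structured Output paragraph, could look like the following. This is an added example, not Click Safe's own code: it uses json.JSONDecoder.raw_decode instead of the regex extractor the team describes, and the range checks, the ALLOW_MAX threshold and the fall-back-to-WARN behaviour are assumptions.

```python
import json

# Field names and the three verdicts come from the write-up. The range checks,
# the ALLOW_MAX threshold and the WARN fallback are assumptions of this example.
VERDICTS = {"ALLOW", "WARN", "BLOCK"}
ALLOW_MAX = 39  # assumed: scores above this never ship as ALLOW
FALLBACK = {
    "decision": "WARN", "risk_score": 50, "confidence": 0,
    "risk_factors": ["analysis unavailable"],
    "reasoning": "The analysis could not be read, so treat this message with caution.",
    "suggestions": ["Verify the sender through a separate channel before clicking."],
}


def extract_json(text):
    """Return the first JSON object found in text (bare, fenced or inside prose)."""
    decoder = json.JSONDecoder()
    start = text.find("{")
    while start != -1:
        try:
            return decoder.raw_decode(text, start)[0]
        except json.JSONDecodeError:
            start = text.find("{", start + 1)  # not an object here, try the next brace
    return None


def _is_str_list(value):
    return isinstance(value, list) and all(isinstance(v, str) for v in value)


def parse_verdict(raw):
    """Turn raw model text into a validated verdict; anything malformed becomes WARN."""
    obj = (extract_json(raw) if isinstance(raw, str) else None) or {}
    decision = str(obj.get("decision", "")).strip().upper()
    score = obj.get("risk_score")
    ok = (
        decision in VERDICTS
        and isinstance(score, (int, float)) and not isinstance(score, bool)
        and 0 <= score <= 100
        and "confidence" in obj  # type is not stated on the page, so passed through
        and _is_str_list(obj.get("risk_factors"))
        and _is_str_list(obj.get("suggestions"))
        and isinstance(obj.get("reasoning"), str) and obj["reasoning"].strip()
    )
    if not ok:
        return dict(FALLBACK)
    if decision == "ALLOW" and score > ALLOW_MAX:
        decision = "WARN"  # verdict and score disagree: take the more cautious one
    return {**{k: obj[k] for k in FALLBACK}, "decision": decision}
```

A reply cut off by the 400-token output limit fails to parse and lands on the same WARN fallback. The reasoning and suggestions strings are derived from the message being analyzed, so the frontend should render them as plain text.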

Rate Limits: Our first live test exceeded API quotas within minutes. We designed intelligent rotation across multiple API keys to handle traffic spikes without service interruption.

Speed vs. Accuracy Tradeoff: We experimented extensively with temperature settings. Too high caused false positives; too low missed subtle threats. Temperature 0.1 with carefully engineered prompts found the optimal balance.

Building Realistic Simulations: Creating convincing email and chat interfaces that feel authentic while clearly demonstrating security concepts required balancing realism with educational clarity.

Accomplishments that we're proud of

When we tested Click Safe against real phishing samples—fake bank alerts, CEO fraud emails, credential harvesting links—it caught every single one with zero false negatives.

Gemini 3's reasoning shines here. It doesn't just pattern-match—it understands context. It catches phishing emails that use legitimate company names but suspicious domains. It identifies urgency tactics and explains why they're red flags.

We built a fully functional prototype with realistic Email and Chat simulations that anyone can use to experience AI-powered threat detection firsthand.

Technical achievements:

  • Sub-2-second analysis powered by Gemini 3 Flash
  • 100% detection rate on phishing test suites
  • Automatic model fallback with 99%+ uptime
  • Structured JSON output for seamless frontend integration
  • Accessible design that non-technical users understand

What we learned

Gemini 3 is incredibly capable. Its speed, structured output, and contextual reasoning made real-time security analysis possible. Without it, Click Safe wouldn't exist.

Prompt engineering is an art. A single word change could mean the difference between reliable JSON and chaos. We iterated dozens of times to achieve consistent, actionable outputs.

Resilience beats perfection. We spent more time building fallback systems than optimizing the happy path—and it paid off when rate limits hit during demos.

AI augments human judgment. Click Safe doesn't decide for users—it empowers them with information. The best security is a partnership between AI analysis and human decision-making.

Prototypes matter. Building tangible Email and Chat simulations helped people experience the value rather than just hearing about it.

What's next for Click Safe

Our prototype demonstrates the concept through Email and Chat simulations. The real power is in universal integration:

  • Browser Extension – Real-time Gemini-powered scanning as you browse, with warning overlays on suspicious links
  • Email Integration – Native plugins for Gmail, Outlook, and Apple Mail
  • Messaging Platforms – WhatsApp, Slack, Teams, Discord integrations
  • Multimodal Analysis – Leverage Gemini's vision capabilities to scan image-based phishing and screenshot attachments
  • Community Intelligence – Anonymous threat reporting that helps protect everyone
  • Enterprise API – Drop-in security layer for organizational infrastructure

Our vision: a world where every digital platform has AI-powered protection built in. Click Safe isn't just an app—it's a security layer for the internet.

Because no one should lose everything to a single click.

Built With

  • fastapi
  • gemini-3-flash
  • gemma-3-27b
  • google-gemini-api
  • google-genai
  • javascript
  • material-design-3
  • python
  • react
  • render
  • sdk
  • vercel
  • vite