CyberCane

• 

• 

• 

• 

• 

• 

• 

• 

Inspiration

Phishing emails remain one of the most common entry points for cyberattacks. We wanted to build a tool that empowers everyday users—not just security experts—to recognize and stop phishing attempts. Our inspiration came from seeing how easily people can be tricked by official-looking messages and realizing we could combine explainable rules with AI to give users confidence in their inbox.

What it does

CyberCane connects to Gmail, pulls in the user’s 10 most recent messages, and runs them through a two-stage phishing detector.

Phase 1: Deterministic rules (e.g., suspicious domains, urgency language, missing SPF/DMARC) provide an instant baseline.

Phase 2: AI + RAG analysis embeds each email, finds similar known phishing attempts from our database, and uses an LLM to estimate the probability of phishing. Emails are color-flagged as Safe (0-25%), Suspicious (25-50%), or Phish (≥50%), with reasons shown for transparency.

How we built it

Frontend: Next.js 15 + TailwindCSS for a modern, responsive inbox UI. Integrated NextAuth for Google sign-in and Gmail API fetch.

Backend: FastAPI with SQLAlchemy + Postgres (with pgvector). Stored embeddings and created HNSW indexes for similarity search.

AI Service: OpenAI’s embedding model (text-embedding-3-small) for vectorization and GPT-4.1-mini for classification reasoning.

Pipelines: Deterministic rules in Python handle DNS checks, urgency keywords, and URL analysis. Redaction removes PII before any AI call.

Infrastructure: Dockerized Postgres with PostGIS + pgvector, tested locally with Docker Compose.

Challenges we ran into

Parsing Gmail MIME messages reliably (HTML vs plain text) without losing important context.

Keeping PII safe—ensuring sensitive data like SSNs or phone numbers never leave the system unredacted.

Managing OAuth tokens and refresh flows in a hackathon timeframe.

Optimizing vector search queries for performance with pgvector.

Accomplishments that we're proud of

Building a full end-to-end pipeline (Gmail → deterministic rules → AI embeddings + RAG → UI results) in just one hackathon.

Making results explainable: users not only see a verdict but also why the email was flagged.

Seamlessly integrating frontend and backend with modern stacks (Next.js + FastAPI + pgvector).

Creating a foundation that could scale into a real-world phishing detection tool.

What we learned

How to combine deterministic security rules with AI to balance speed, accuracy, and explainability.

The intricacies of Gmail API integration, Pub/Sub webhooks, and handling OAuth securely.

Practical use of pgvector for similarity search on text embeddings.

The importance of designing user interfaces that are not just functional but trust-building in security apps.

What's next for CyberCane

Enable Gmail push notifications via Pub/Sub so new emails are analyzed in real time.

Expand beyond Gmail: add support for Outlook and enterprise email systems.

Train a lightweight fine-tuned model on phishing datasets to improve AI accuracy.

Build a user dashboard with statistics, trends, and education modules to help users spot phishing patterns on their own.

Package the system as a browser extension for one-click scanning anywhere.

Built With

• amazon-web-services
• fastapi
• python
• rag
• reactpython