CyberLens: AI Scam Shield

CyberLens homepage showcasing an all-in-one AI-powered toolkit for scam detection and online safety.
Detected 5 scam indicators with a 74/100 danger score using offline analysis.
Highlighted phishing cues and threat signals, exposing urgency tactics and a malicious spoofed login link.
Identified phishing red flags including a disguised PayPal domain, risky .xyz TLD, HTTP link, urgency cues, and generic greetings.
Provides AI-generated remediation steps to mitigate detected threats and strengthen system security.
Analyze URLs, emails, messages, files, images, and voice calls to detect scams and malicious content using AI and VirusTotal.
Privacy Checkup reveals a maximum exposure score, indicating a highly trackable digital fingerprint.
Enables scam reporting, AI-powered threat assistance, and easy sharing or exporting of security reports.
Highlights threat signals and vendor detections to explain why a file or message is considered suspicious.
CyberLens detects a dangerous phishing email impersonating PayPal and flags multiple scam indicators.
AI-powered threat dashboard for detecting and analyzing cyber attacks from logs.
Password Lab evaluates password strength and verifies exposure against known data breaches while keeping everything local.
CyberLens displays the malicious verification link and advises users not to click, reply, or interact with the phishing message.
Upload and analyze server logs to automatically detect threats and generate actionable security insights.

💡 Inspiration

Today, cybersecurity is broken for everyday people. Scammers are no longer just sending misspelled emails — they are using AI to clone voices, generate pixel-perfect phishing websites, and deploy Web3 honeypots that drain crypto wallets in seconds. We realized that while enterprise companies have massive Security Operations Centers (SOCs) full of analysts to protect them, your grandparents, your friends, and small businesses have nothing but basic antivirus software from 2010.

We built CyberLens: AI Scam Shield to close that gap — to democratize enterprise-grade threat intelligence and put the power of Google's Gemini AI and VirusTotal's 70+ scanning engines directly into the hands of everyday users, for free.

⚙️ What it does

CyberLens is a comprehensive, all-in-one Cyber Safety Suite powered by 10 distinct tools and 7+ integrated security APIs. It caught 19 out of 20 known phishing samples in our internal test set.

🎤 Voice Call Analyzer: The only tool in this hackathon that fights vishing in real-time. Hold your phone up to your computer during a suspicious call — our browser-native SpeechRecognition API transcribes it live and Gemini AI detects "IRS Scam," "Grandparent Scam," and "Tech Support Fraud" scripts as they happen.
🔗 Shareable Warning Links: A zero-database community defense tool. When you detect a phishing link, you generate a Shareable Warning Link that cryptographically encodes the full AI threat analysis into the URL itself using base64. Send it to anyone — they open a large red warning page with the full explanation. No server. No account. No database. Just math.
🛡️ Zero-Upload File Hashing: Uploading a sensitive file to a third-party server to check for malware is itself a privacy risk. We use the browser's crypto.subtle Web Crypto API to generate a SHA-256 hash entirely on the user's device. Only the cryptographic fingerprint is sent to VirusTotal — your file never leaves your machine.
🔑 Password Lab: Strength + entropy analysis with breach checking via k-anonymity. Your password is hashed locally with SHA-1; only the first 5 characters of the hash are sent to HaveIBeenPwned — your actual password is mathematically never transmitted.
🕵️ Privacy Checkup: A full digital-footprint audit that reveals exactly what any website can silently read about you — IP, ISP, geolocation, canvas fingerprint, hardware concurrency, browser timezone, and more.
🌐 Website Inspector: Scans any domain's HTTP security headers and TLS configuration, grading it A–F. Checks for missing Content-Security-Policy, X-Frame-Options, HSTS, and other critical misconfigurations.
🎯 Phishing Dojo: A gamified, interactive training simulator that teaches users to spot phishing red flags — fake PayPal receipts, compromised Netflix alerts, spoofed bank transfers — before they ever need the analyzer.
🧩 Chrome Extension: Scan any link on the internet without leaving your current tab. Right-click any URL and get an instant threat assessment in seconds.

🛠️ How we built it

We architected CyberLens as a fully decoupled, privacy-first system.

Frontend: React + Vite with a custom glassmorphism CSS design system built entirely from scratch — no UI libraries. Every component was hand-crafted for a "cyberpunk command center" aesthetic that makes security feel accessible rather than intimidating.
Backend: A Node.js/Express server acts as a secure API gateway, hardened with helmet for HTTP security headers, express-rate-limit to prevent DDoS and API quota exhaustion, strict request payload size limits, and origin-locked CORS. All API keys are isolated server-side and never exposed to the client.
AI & Intelligence Layer: We integrated Google Gemini 2.5 Flash for deep contextual reasoning — it doesn't just flag threats, it explains in plain English why something is dangerous and exactly what to do about it. We feed it structured data from 4 deterministic APIs (VirusTotal, Google Safe Browsing, URLScan, AbuseIPDB) as grounding context before requesting analysis.
Privacy-First Engineering: We relied heavily on native Browser Web APIs — crypto.subtle for client-side SHA-256 and SHA-1 hashing, SpeechRecognition for live voice analysis, and Tesseract.js for on-device OCR — so sensitive user data (files, passwords, voice, images) never touches our server.
APIs integrated: VirusTotal · Google Gemini 2.5 Flash · Google Safe Browsing · URLScan.io · AbuseIPDB · HaveIBeenPwned · IPinfo

⚠️ Challenges we ran into

Multi-API async orchestration: Coordinating 4 parallel API calls (VirusTotal, Safe Browsing, URLScan, AbuseIPDB) and merging their responses into a single coherent Gemini prompt was the core technical challenge. We solved this with Promise.allSettled() so that a single slow or rate-limited API never blocks the entire analysis pipeline — partial results still produce a valid, weighted threat report.

File privacy paradox: We wanted to scan files for malware without ever receiving them on our server. The solution was crypto.subtle.digest('SHA-256', fileBuffer) — the entire hash computation happens inside the browser's native cryptographic engine. Only the hex fingerprint travels over the network.

Rate limit survival on free-tier APIs: VirusTotal's free tier allows 4 requests/minute. We built a client-side request queue and a graceful degradation path — if VirusTotal is throttled, the analyzer automatically falls back to Gemini-only analysis combined with the offline heuristic engine, so the user always receives a result.

🏆 Accomplishments that we're proud of

Built a zero-database Shareable Warning Link — a novel approach to community-driven scam defense that requires no backend infrastructure whatsoever.
Achieved zero-upload file scanning using browser-native crypto.subtle — sensitive files never leave the user's device, ever.
Implemented k-anonymity for password breach checking — a cryptographic technique used in production security tools at scale.
Built a Chrome Extension alongside a full web application — two separate products shipped in one hackathon.
Delivered 10 distinct security tools covering 5+ different real-world attack vectors: phishing, vishing, malware, data breaches, and browser fingerprinting.
Caught 19/20 known phishing samples in our internal test set using the multi-API + Gemini pipeline.

🧠 What we learned

We learned how to prompt-engineer Gemini to behave as a strict cybersecurity analyst rather than a general assistant — forcing it to output structured JSON threat reports with specific fields (risk score, threat type, scam DNA, remediation steps) rather than conversational answers.

We also deeply explored native Browser Web APIs, realizing how much powerful cryptographic and ML work can be pushed to the client edge to maximize user privacy. The Web Crypto API is production-grade — crypto.subtle is the same cryptographic primitive used in end-to-end encrypted messaging applications.

🚀 What's next for CyberLens

Twilio SMS Bot: Forward any suspicious text directly to a phone number and receive an instant AI threat analysis back via SMS — no app required.
Real-Time Live Radar: Upgrade the dashboard to pull live, anonymized global attack data from threat intelligence feeds, visualized on a real-time 3D globe.
One-Click Takedowns: Automatically generate and send DMCA/abuse reports to the hosting providers of detected scam websites, turning our users into active defenders.