Inspiration

AI voice cloning now needs as little as 3–10 seconds of sample audio to produce a convincing clone of someone's voice. The FBI, FTC, and AARP have all issued warnings about scammers using cloned voices of grandchildren, bosses, and bank officers to build urgent, emotionally manipulative calls — the "grandparent scam" reinvented with real-time deepfake audio. Despite that, no mainstream consumer tool catches this live, during the call — every fraud tool I could find works after the fact, once the money is already gone. That gap is what Guardian Line exists to close.

What it does

Guardian Line listens alongside a phone call in real time and fuses two independent signals into one calm, explainable Trust Meter:

  1. Voice authenticity — real client-side audio forensics (pitch jitter, amplitude shimmer, spectral flatness, computed via a hand-written FFT + autocorrelation pitch tracker) estimate the probability a voice is synthetic, entirely on-device.
  2. Conversational risk — a rolling scam-language classifier tags live transcript text into five categories: urgency, financial requests, isolation tactics, authority impersonation, and emotional manipulation.

Either signal alone can raise a flag; both together escalate faster, mirroring how a real scam call stacks tactics. Every flag comes with a plain-language explanation — never a black-box score — and the meter is color-graded green → amber → red instead of a jarring alarm, so it stays usable in the exact moment someone is scared and being pressured.

Beyond the core detector: a pre-registered Safe Word the app prompts you to ask for mid-call if risk spikes, an optional Family Circle alert to a trusted contact, a full post-call report (trend sparkline, flagged moments, printable/FTC-style export, QR share), a "was this helpful?" feedback loop that nudges detection sensitivity over time, an installable PWA with offline fallback, a Manifest V3 browser extension shell, and a scam-phrase classifier that covers English, Spanish, French, Mandarin, Vietnamese, and Tagalog.

How I built it

Next.js 16 (App Router, React 19, TypeScript, Tailwind CSS v4), entirely client-side — no backend, no database. Audio capture runs through the Web Audio API; a hand-rolled radix-2 FFT and autocorrelation-based pitch detector compute jitter/shimmer/spectral flatness directly from the raw signal, offloaded to a Web Worker so the UI never stalls. Live transcription uses the Web Speech API. The scam-language classifier is a transparent, fully offline rule engine — weighted keyword/phrase matching per category per language — deliberately built with the exact function signature a real hosted LLM call could later be swapped into without touching any caller. Everything persists to localStorage on the user's own device; nothing is ever transmitted anywhere by default.

Challenges I ran into

  • Making synthetic-voice detection real, not simulated. It would have been much faster to fake the "cloned voice" score with a random number generator. Instead I built actual signal processing — a working FFT and autocorrelation pitch tracker — and had to fix a real octave-error bug in the pitch detection (picking the wrong harmonic lag) before the jitter numbers were trustworthy.
  • Calm, not alarming. Early passes felt like a smoke detector — jarring red flashes and sirens are exactly the wrong UX for someone already being manipulated by urgency and fear. Redesigning around a graded, explainable meter with concrete next steps ("Break the Spell") instead of raw alarm took several iterations.
  • A silent-but-critical regression. Adding multi-safe-word support broke the old single-safe-word field's wiring — the in-call Safe Word prompt stopped firing entirely for anyone using the new UI, with no error anywhere. Caught it by actually running the flow end-to-end instead of trusting that the code compiled.
  • Honesty about scope. A hackathon build can't train a real anti-spoofing model or ship a native mobile app. Rather than fake those, I built the most honest, functional version possible (a procedurally generated synthetic-speech reference tone with the actual acoustic fingerprints of TTS output, a PWA install flow instead of a fake native app shell) and documented the gap clearly instead of hiding it.

Accomplishments I'm proud of

Every core number on the Trust Meter is backed by real math, not a placeholder — you can open the console and watch actual jitter/shimmer/spectral-flatness values move. The whole thing runs with zero backend and zero API keys, works offline as an installable PWA, and is accessible (high contrast, large text, dyslexia-friendly font, full keyboard navigation, ARIA live regions) rather than accessibility being bolted on at the end.

What I learned

How much detection quality lives in tuning, not just algorithm choice — the fusion weights between voice-authenticity and transcript-risk needed real iteration to avoid both false alarms and missed danger. And that for a fraud-prevention tool aimed at potentially scared, elderly, or otherwise vulnerable users, the calm, explainable presentation of a signal matters as much as the signal's accuracy.

What's next

  • Carrier-level integration so detection runs natively on incoming calls, no browser extension required.
  • A trained, on-device anti-spoofing model to replace the current heuristic classifier, compressed for real-time mobile performance.
  • Full UI localization for the languages the scam-phrase classifier already detects (French, Mandarin, Vietnamese, Tagalog) beyond the current English/Spanish interface.
  • Partnerships with banks and senior-safety organizations for a "verified safe call" ecosystem.

Built With

Share this project:

Updates