Inspiration

Phishing remains the leading cause of cyberattacks worldwide, with over 90% of breaches starting from malicious links. Most small teams and independent developers can’t afford enterprise-level protection. We wanted to build a lightweight, affordable, and serverless security solution that scales automatically, stays cost-efficient, and explains its decisions. That idea became PhishDefender — a real-time phishing detection system built entirely on Google Cloud Run.

What it does

PhishDefender detects phishing URLs and suspicious emails using a combination of machine learning and heuristic analysis. Users can paste any link or call the REST API to instantly get:

- A phishing probability score
- A classification (safe / suspicious / phishing)
- A clear explanation of why the decision was made

All scans are logged in Firestore, and the dashboard shows results in real time.

How we built it

- Backend: FastAPI (Python) containerized and deployed on Google Cloud Run
- Model: Lightweight scikit-learn logistic regression trained on open phishing datasets
- Storage: Cloud Storage for model artifacts
- Database: Firestore for scan logs and analytics
- Frontend: Simple React + Tailwind dashboard for scanning
- CI/CD: GitHub Actions + Cloud Build for automated deployments
- Monitoring: Cloud Logging and Monitoring dashboards
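An added example, not PhishDefender's own code: one way a logistic score over heuristic URL features can produce the probability, classification and explanation described above. The feature names, weights, bias and thresholds are constructed assumptions, and the sample URLs use a documentation domain and address.

```python
import ipaddress
import math
from urllib.parse import urlsplit

# Constructed weights, bias and thresholds (assumptions); a trained
# logistic regression would supply learned coefficients instead.
WEIGHTS = {"ip_host": 2.2, "at_sign": 1.6, "many_subdomains": 1.1,
           "long_url": 0.8, "no_https": 0.7, "credential_keyword": 1.3}
BIAS = -2.5
KEYWORDS = ("login", "verify", "account", "update", "password")

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def extract_features(url):
    """Map a URL to binary heuristic features (1.0 = signal present)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    tail = (parts.path + "?" + parts.query).lower()
    return {
        "ip_host": float(_is_ip(host)),
        "at_sign": float("@" in parts.netloc),
        "many_subdomains": float(not _is_ip(host) and host.count(".") >= 3),
        "long_url": float(len(url) > 75),
        "no_https": float(parts.scheme != "https"),
        "credential_keyword": float(any(k in tail for k in KEYWORDS)),
    }

def scan(url):
    """Return score, label and the per-feature contributions behind them."""
    feats = extract_features(url)
    contrib = {name: WEIGHTS[name] * x for name, x in feats.items() if x}
    score = 1.0 / (1.0 + math.exp(-(BIAS + sum(contrib.values()))))
    label = "phishing" if score >= 0.7 else "suspicious" if score >= 0.3 else "safe"
    # Largest contribution first, so the explanation leads with the strongest signal.
    reasons = sorted(contrib.items(), key=lambda kv: kv[1], reverse=True)
    return {"score": round(score, 3), "label": label, "reasons": reasons}

if __name__ == "__main__":
    # Constructed sample URLs (documentation domain and TEST-NET address).
    for u in ("https://example.com/docs", "http://example.com/login",
              "http://192.0.2.10/secure-login/verify?acct=1"):
        print(u, scan(u))
```

Because each reason is the weight times the feature value, the explanation is exactly the set of terms that moved the score, which keeps the output auditable when a user disputes a verdict.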

Challenges we ran into

- Managing cold start latency for the ML model inside Cloud Run containers
- Balancing heuristic and ML scoring to maintain both accuracy and speed
- Configuring Firestore IAM roles securely for serverless access
- Working around billing and deployment limits while testing
- Ensuring explainable AI outputs that make sense to non-technical users

Accomplishments that we're proud of

- Built a real-time, explainable phishing detection API from scratch
- Deployed and tested it successfully on Google Cloud Run
- Integrated Firestore logging and a responsive React dashboard
- Designed a CI/CD pipeline for one-click deployment
- Produced a professional demo video and documentation under tight time constraints

What we learned

- How to architect serverless AI applications using Cloud Run and Firestore
- The importance of explainability in AI-based cybersecurity tools
- Setting up GitHub Actions and Cloud Build for continuous deployment
- Best practices for container optimization and request handling in Cloud Run

What's next for PhishDefender — Real-Time AI Phishing Detection on Cloud Run

- Add a Chrome Extension for one-click phishing detection in browsers
- Integrate Vertex AI or Gemini API for deeper NLP-based analysis of emails
- Build a real-time analytics dashboard using BigQuery and Data Studio
- Launch a public developer API for third-party security integrations
- Expand into a multi-language, multi-platform phishing intelligence service
