PhishDetect

URL form
Screenshot and Phishing likeliness score
Reports and Analysis

Inspiration

We often receive emails and SMS messages containing links that we're hesitant to click on ourselves. PhishDetect was born out of the need to safely evaluate suspicious links without putting our own systems at risk. With phishing attacks becoming increasingly sophisticated, we wanted to create a tool that could automate this verification process.

What it does

PhishDetect leverages agentic AI in a continuous feedback loop to autonomously analyze suspicious links. Our AI agent controls a sandboxed browser environment, making intelligent decisions based on real-time feedback from the website—analyzing content, intercepting network requests, and identifying potential impersonation attempts. This feedback-driven approach allows the agent to dynamically probe for form fields and malicious content that attempt to steal sensitive information like personal credentials or payment details. Users submit a URL, and our system delivers a comprehensive threat analysis with a clear classification.

How we built it

We built PhishDetect using Puppeteer as our sandboxed browser environment, paired with Google's Gemini as our AI backbone. Gemini analyzes browser feedback including website content, network requests, and potential impersonation attempts. Fake credentials are also generated via LLMs to avoid exposing sensitive data to malicious websites. The frontend is built with React and Next.js, providing users with a clean interface that displays detailed threat analysis and classification for each investigated link.

Challenges we ran into

Finding legitimate phishing links for testing proved surprisingly difficult, thanks to modern cybersecurity measures and best practices. We often had to create our own test cases to properly validate our system. We also encountered inconsistent analysis results initially, which we resolved by refining our LLM prompts and establishing clear guidelines for structured output formatting.

Accomplishments that we're proud of

This was a first hackathon experience for one of our team members, and shipping a complete, functional product with real potential—beyond just meeting time constraints—was incredibly rewarding. We're also proud of exploring AI applications beyond text generation, demonstrating how agentic AI can be leveraged for practical security applications.

What's next for PhishDetect

We plan to expand PhishDetect with advanced crawling capabilities to detect additional forms of malicious content. We also aim to integrate with popular security databases to cross-reference findings and improve our threat detection accuracy.