PhishGuard – Human-Aware Phishing Defense

An AI-powered phishing defense system that explains why humans fall for attacks and helps prevent future ones — designed for a post-quantum cyber future.

Comment

Inspiration

Phishing remains one of the most effective cyberattacks, not because of technical weaknesses alone, but because it exploits human behavior. Many existing security tools focus on blocking malicious emails, yet users often fall victim again because they never understand why an email was dangerous.

PhishGuard was inspired by the idea that cybersecurity should not only detect threats, but also educate users. By explaining how attackers use psychological manipulation such as urgency, authority, and impersonation, users can build long-term awareness and resilience against phishing attacks.

What it does

PhishGuard is a human-aware phishing defense system that analyzes the subject and body of suspicious emails. It classifies emails as phishing or safe, identifies the manipulation techniques used, assigns a risk level with detection confidence, and provides a clear AI-generated explanation.

Instead of stopping at detection, PhishGuard also guides users on what actions to take next, helping reduce the chance of repeated phishing attacks.

How we built it

The project was built as a web application using a modern frontend stack and explainable AI techniques. Email content is analyzed using contextual and behavioral signals, and the results are presented through a clean, easy-to-understand interface.

Google Gemini, accessed via Genkit, is used to generate explanations that help users understand why an email is risky. The application was developed and prototyped using Firebase Studio.

Challenges we ran into

One of the main challenges was balancing accurate detection with clear and responsible explanations. Overly technical explanations can confuse users, while oversimplified outputs reduce trust. Another challenge was framing future-facing concepts, such as post-quantum security, without making unrealistic claims.

What we learned

We learned that effective cybersecurity tools must focus on human behavior as much as technical indicators. Explainable AI can significantly improve user trust and awareness when designed carefully.

Post-Quantum perspective

While future quantum computers may weaken traditional encryption-based systems, human manipulation techniques will remain effective. PhishGuard focuses on securing this human layer, making it relevant and resilient in future post-quantum security environments.

Built With

Share this project:

Updates