About the Project
💡 Inspiration
Phishing attacks are one of the most common and effective forms of cybercrime today. Despite awareness campaigns, users still struggle to distinguish between legitimate and malicious emails or websites—especially when attackers mimic trusted platforms. We wanted to build a solution that works in real-time, in the user’s natural environment, rather than relying on external tools or prior knowledge.
🚀 What We Built
We built PhishGuard, an AI-powered phishing detection system that integrates directly into the browser via a Chrome extension. It allows users to:
- Analyze suspicious emails and URLs instantly
- Receive a clear risk score and explanation
- Get actionable recommendations in real time
The system combines a Next.js web app, a browser extension, and an AI-powered backend to deliver fast and intuitive threat analysis.
🧠 What We Learned
During this project, we gained hands-on experience with:
- Building full-stack applications using Next.js and API routes
- Integrating AI models into real-world workflows
- Handling CORS and browser extension limitations
- Designing systems that remain reliable under API rate limits
- Structuring AI prompts to produce consistent, machine-readable output
We also learned how important UX and reliability are when building security tools—users need clarity, speed, and trust.
⚙️ How We Built It
Frontend: Next.js + Tailwind CSS Backend:API routes for processing and AI calls AI Engine:Cloud-based (Groq) + local model fallback (Ollama with Qwen) Extension: Chrome Extension (Manifest V3) for real-time interaction Deployment: Vercel
Flow:
User input → Extension/Web App → API → AI Model → Structured Analysis → UI
⚠️ Challenges We Faced
API Rate Limits: We hit usage limits quickly and had to implement fallback logic CORS Issues: Enabling communication between extension and backend required careful configuration AI Output Parsing: Ensuring consistent JSON responses from LLMs was tricky Deployment Debugging:Differences between local and production environments caused unexpected issues Email Extraction:** Extracting meaningful content from webmail interfaces required DOM handling
🌱 Future Scope
- Real-time inbox scanning
- Multi-model AI fallback for better reliability
- Chrome Web Store deployment
- Enterprise-grade phishing detection dashboard
🎯 Conclusion
PhishGuard demonstrates how AI can be embedded directly into everyday user workflows to prevent threats before they cause damage. Our goal is to make cybersecurity accessible, proactive, and seamless.
If you want, I can also make a shorter version (for submission limits) or a more storytelling-style version👍
Built With
- 3.8b
- language:-typescript-/-javascript-framework:-next.js
- local-llm
- ollama
- qwen
- tailwind-css-platform:-web-app-+-chrome-extension-cloud-service:-vercel-database:-none-apis:-groq-api-(llama-3)
Log in or sign up for Devpost to join the conversation.