PhishGuard
Inspiration
If we’re being honest, most compliance training gets clicked through.
You open the compliance training module. You mute the video while you make your morning coffee. You skip ahead. You answer the quiz questions you’ve seen a hundred times before. Pass. Done.
It becomes a box-checking exercise that satisfies the HR department instead of something that actually improves employees' digital safety.
The problem is, real attacks don’t look like training slides. They don’t politely highlight “red flags.” They feel urgent. They look normal. They’re contextual. And now, with AI, they’re scalable and increasingly convincing.
That disconnect really stood out to us: we train people in a static, predictable way - but attackers operate dynamically.
PhishGuard was built around a simple idea:
If attackers are using AI to get smarter, compliance training should too.
Instead of designing another module people rush through, we wanted to build something you actually have to engage with.
What It Does
PhishGuard is an AI-powered security training platform that simulates realistic phishing emails, vishing calls, and deepfake voice scenarios.
But instead of asking users to identify “red flags” from a list, it puts them in a situation:
- You’re looking at a realistic inbox.
- You see a suspicious (but plausible) message.
- You decide what to do - report it, reply, ignore it, escalate it.
- You get instant, AI-generated feedback explaining the risk and your decision.
There’s no memorizing bullet points. You’re practicing judgment.
The idea is simple:
AI attacks. You defend.
Every scenario is dynamically generated, so the experience doesn’t feel repetitive or scripted. It mirrors the unpredictability of real-world threats - but in a safe, controlled environment.
How We Built It
PhishGuard uses AI (Gemini) to generate modern, context-aware attack scenarios, including:
- Phishing emails tailored to realistic workplace situations
- Vishing scripts that simulate social engineering pressure
- Deepfake-style voice prompts for high-risk impersonation scenarios
The system is built around three core components:
- Threat Generation – AI creates dynamic attack scenarios.
- User Decision Capture – The platform records how users interact and what actions they take.
- AI Evaluation & Coaching – AI analyzes the response and provides structured feedback.
Instead of hardcoding right/wrong answers, we designed a flexible evaluation model:
$$ \text{Score} = f(\text{threat recognition}, \text{risk assessment}, \text{action taken}) $$
This allows feedback to feel less like a quiz and more like a security mentor explaining the situation.
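As an added illustration of that evaluation model (this is not PhishGuard's code; the field names, weights, verdict bands and the JSON feedback format are assumptions, and the Gemini call is left out), here is one way to compute the three-part score deterministically and accept the model's coaching only when it agrees with that score. Keeping the grade in code and letting the model write only the explanation is one concrete way to stop AI feedback from drifting between runs.

```python
"""Sketch of Score = f(threat recognition, risk assessment, action taken).
Hypothetical example, not PhishGuard's implementation."""
import json
from dataclasses import dataclass, field
from enum import Enum


class Action(str, Enum):
    REPORT = "report"
    ESCALATE = "escalate"
    IGNORE = "ignore"
    REPLY = "reply"
    CLICK_LINK = "click_link"


@dataclass(frozen=True)
class Scenario:
    """Ground truth attached to a generated scenario (assumed field names)."""
    scenario_id: str
    malicious: bool
    severity: int                    # 1 (nuisance) .. 5 (wire fraud / credential theft)
    indicators: frozenset = field(default_factory=frozenset)  # red flags the generator planted


@dataclass(frozen=True)
class Decision:
    """What the platform captured from the user (assumed field names)."""
    action: Action
    flagged: frozenset               # indicators the user pointed at
    perceived_severity: int          # the user's own 1..5 estimate


# The value of an action depends on ground truth: reporting a phish is ideal,
# reporting a legitimate message is only a cheap false positive.
MALICIOUS_ACTION = {Action.REPORT: 1.0, Action.ESCALATE: 0.9, Action.IGNORE: 0.4,
                    Action.REPLY: 0.1, Action.CLICK_LINK: 0.0}
BENIGN_ACTION = {Action.REPLY: 1.0, Action.IGNORE: 0.9, Action.CLICK_LINK: 0.8,
                 Action.REPORT: 0.6, Action.ESCALATE: 0.5}
WEIGHTS = {"threat_recognition": 0.3, "risk_assessment": 0.2, "action_taken": 0.5}
ALLOWED_VERDICTS = ("safe", "risky", "compromised")


def threat_recognition(s: Scenario, d: Decision) -> float:
    """Fraction of the planted indicators the user actually flagged."""
    if not s.indicators:
        return 1.0
    return len(d.flagged & s.indicators) / len(s.indicators)


def risk_assessment(s: Scenario, d: Decision) -> float:
    """Closeness of the user's severity estimate to ground truth on the 1..5 scale."""
    truth = s.severity if s.malicious else 1
    return 1.0 - abs(d.perceived_severity - truth) / 4


def action_taken(s: Scenario, d: Decision) -> float:
    return (MALICIOUS_ACTION if s.malicious else BENIGN_ACTION)[d.action]


def score(s: Scenario, d: Decision) -> dict:
    parts = {"threat_recognition": threat_recognition(s, d),
             "risk_assessment": risk_assessment(s, d),
             "action_taken": action_taken(s, d)}
    total = sum(WEIGHTS[k] * v for k, v in parts.items())
    return {**parts, "score": round(total, 3)}


def verdict_for(total: float) -> str:
    return "safe" if total >= 0.8 else "risky" if total >= 0.5 else "compromised"


def validate_feedback(raw_json: str, s: Scenario, d: Decision) -> dict:
    """Accept the model's coaching only if it is well-formed and matches the computed score.
    Anything inconsistent raises so the caller regenerates instead of showing it."""
    fb = json.loads(raw_json)
    for key, typ in (("verdict", str), ("missed_indicators", list), ("coaching", str)):
        if not isinstance(fb.get(key), typ):
            raise ValueError(f"feedback field missing or mistyped: {key}")
    if fb["verdict"] not in ALLOWED_VERDICTS:
        raise ValueError(f"unknown verdict {fb['verdict']!r}")
    result = score(s, d)
    if fb["verdict"] != verdict_for(result["score"]):
        raise ValueError("model verdict disagrees with computed score; regenerate")
    if set(fb["missed_indicators"]) != s.indicators - d.flagged:
        raise ValueError("missed-indicator list does not match what was planted")
    return {**result, **fb}


def is_rejected(raw_json: str, s: Scenario, d: Decision) -> bool:
    try:
        validate_feedback(raw_json, s, d)
        return False
    except ValueError:
        return True


# Constructed sample: a CFO-impersonation phish the user reported, having noticed
# only one of the three planted red flags. Feedback strings are constructed too.
SAMPLE_SCENARIO = Scenario("s-001", True, 5, frozenset(
    {"sender_domain_mismatch", "urgent_deadline", "unusual_payment_request"}))
SAMPLE_DECISION = Decision(Action.REPORT, frozenset({"urgent_deadline"}), 4)
GOOD_FEEDBACK = json.dumps({
    "verdict": "risky",
    "missed_indicators": ["sender_domain_mismatch", "unusual_payment_request"],
    "coaching": "Reporting was right. Next time check the reply-to domain first."})
BAD_FEEDBACK = json.dumps({"verdict": "safe", "missed_indicators": [], "coaching": "Nice work!"})


def demo() -> dict:
    return validate_feedback(GOOD_FEEDBACK, SAMPLE_SCENARIO, SAMPLE_DECISION)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
    print("bad feedback rejected:", is_rejected(BAD_FEEDBACK, SAMPLE_SCENARIO, SAMPLE_DECISION))
```

In the sample the user gets 1/3 on recognition, 0.75 on risk assessment and 1.0 on action, for a combined 0.75 and a "risky" verdict; the over-generous "safe" feedback is rejected because its verdict and its empty missed-indicator list both contradict the computed result.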
Challenges We Ran Into
Making It Hard to “Click Through”
One of our main goals was preventing the passive behavior that makes traditional compliance ineffective. That meant designing interaction flows where users actually have to inspect details and make decisions - not just press “Next.”
Balancing Realism and Responsibility
We wanted the scenarios to feel authentic without being manipulative or unethical. Designing convincing simulations while keeping everything safe required careful prompt engineering and guardrails.
Consistent AI Feedback
Allowing AI to evaluate decisions introduces variability. We had to carefully structure prompts to ensure feedback was consistent, accurate, and aligned with security best practices.
Accomplishments That We’re Proud Of
- Building dynamic AI-generated attack simulations instead of static templates
- Creating a feedback system that feels like coaching rather than grading
- Designing an experience that actively prevents mindless “click-through” behavior
- Demonstrating how AI can be both the attacker and the defender in training
- Deploying the backend infrastructure onto Render with a security-first approach
What We Learned
- People don’t ignore security because they don’t care; they ignore training because it doesn’t feel real or engaging.
- Engagement increases dramatically when users feel like they’re inside a scenario instead of watching one.
- AI can simulate attackers just as effectively as it can coach defenders.
- Compliance shouldn’t just prove participation - it should build reflexes.
What’s Next for PhishGuard
- Expanding scenario diversity across industries and roles
- Adding adaptive difficulty based on user performance
- Building analytics dashboards for security teams to track behavioral trends
- Integrating directly with enterprise reporting and security awareness workflows
PhishGuard is our attempt to move compliance training beyond something employees click through - and toward something that actually prepares them for the kinds of threats they’ll face tomorrow.