Inspiration
The idea for PLUTO came from a simple but real problem — we trust websites too easily. Every day, users click links without knowing what’s actually happening behind the scenes. Most security tools only react after something goes wrong, and that gap is exactly where attacks happen.
We wanted to build something that works before the damage — a system that checks, analyzes, and protects in real time, without requiring users to be cybersecurity experts. The goal was to make advanced security feel effortless and intuitive, almost like having a smart assistant watching your back while you browse.
What it does
PLUTO is an AI-powered cyber defense system that protects users while they browse the internet.
It intercepts websites before they load, scans them inside a sandboxed browser, and analyzes them using AI to detect threats like phishing, unsafe scripts, and cookie vulnerabilities. If something looks risky, it warns the user and can even block the site.
At the same time, it monitors network activity, detects suspicious patterns like DDoS attacks, brute-force attempts, and bot traffic, and automatically responds by blocking or limiting threats.
Everything is visible through a live SOC-style dashboard, and users can also control the system using a CLI tool for a more technical workflow.
How we built it
We built PLUTO as a full-stack system combining multiple components:
- Frontend: Next.js + TypeScript dashboard for real-time monitoring
- Backend: API routes handling traffic, scanning, and responses
- Sandbox: Playwright-based isolated browser to safely analyze websites
- AI Layer: Gemini for threat detection and reasoning
- Extension: Chrome extension to intercept navigation and collect data
- CLI: A terminal interface for power users
- Real-time updates: Server-Sent Events (SSE) for instant dashboard updates
We kept everything modular so each part — scanning, detection, response — works independently but connects seamlessly.
Challenges we ran into
One of the biggest challenges was building a truly interactive sandbox environment. Initially, we could scan websites, but users couldn’t interact with them safely. Making a live, clickable sandbox browser required rethinking how Playwright sessions are handled and streamed.
Another challenge was ensuring real-time updates. Polling made the dashboard feel slow, so we switched to SSE, which made everything feel instant but required careful state handling.
We also had to make sure that adding new features didn’t break the system. Since multiple components (extension, backend, dashboard, CLI) interact with each other, maintaining stability while scaling features was tricky.
Accomplishments that we're proud of
- Built a working sandbox browser where users can safely explore risky websites
- Achieved real-time threat detection and dashboard updates
- Implemented an AI-driven response system that reacts automatically
- Created a CLI interface alongside a full web dashboard
- Designed the system to work even without the extension (for demos and flexibility)
Most importantly, we turned a complex cybersecurity concept into something that feels simple and usable.
What we learned
This project taught us a lot about system design and integration. Building individual features is one thing, but making them all work together reliably is a completely different challenge.
We also learned how important real-time systems are in security — delays reduce effectiveness. Optimizing performance and data flow became just as important as building features.
Another key learning was balancing automation and control. While AI can automate decisions, it’s important to keep systems transparent and understandable for users.
What's next for Pluto
We want to take PLUTO beyond a hackathon project and make it more production-ready.
Some next steps include:
- Adding persistent storage instead of in-memory data
- Improving the sandbox with faster and more scalable streaming
- Integrating real threat intelligence APIs
- Building a multi-user system with authentication
- Adding an AI security copilot for interactive assistance
Long term, the vision is to turn PLUTO into a complete browser security layer that works seamlessly in the background while keeping users safe.
Built With
- chromium
- gemini
- nextjs
- playwright
- sse