Live demonstration with a website from Phishtank.com

🚀 SafeSurf – AI-Powered Browser Safety System

Inspiration

With the increasing number of phishing attacks, malicious websites, and emerging threats like prompt injection, users are more vulnerable than ever while browsing. Most existing solutions are either reactive or lack real-time intelligence.

SafeSurf was inspired by the need to create a proactive, intelligent, and real-time browser security system that can protect users from both traditional and modern web-based threats.

What it does

SafeSurf is a browser extension that enhances user safety by detecting and preventing multiple types of threats:

🔗 Detects phishing URLs using PhishTank
⚠️ Identifies suspicious URL structures (e.g., obfuscation)
📄 Flags low-content or deceptive web pages
🧠 Detects prompt injection attempts
🔐 Identifies potential API key leaks or sensitive data exposure
🚨 Provides real-time alerts with options like Go Back or Continue

🛠️ How we built it

We built SafeSurf as a Chrome Extension using:

JavaScript for core logic and browser interaction
PhishTank API for real-time phishing URL detection
Custom heuristics for analyzing URL patterns and page content
A dynamic alert UI overlay to notify users instantly
Pattern-based detection for prompt injections and API leaks -Integrated gemini-2.5-slash to analyze page

The detection pipeline is modular, allowing future integration of AI/ML models and LLMs.

⚡ Challenges we ran into

Reducing false positives in heuristic-based detection
Balancing security and usability (giving users control with warnings) -Working with gemini API it only allows 20 calls per session which is insuitable for chrome entensions i'm thinking to replace gemini api with Groq's API which is free and also provide around 14000 calls ---

Accomplishments so far

Built a working prototype capable of detecting phishing sites live
Implemented multi-layered threat detection (URL + content + behavior)
Added detection for prompt injection and API leaks
Designed a clean and intuitive threat alert system
Created a strong foundation for future AI-powered enhancements

📚 What we learned

How browser extensions interact with web pages and APIs
Practical challenges in building real-world cybersecurity systems
Importance of layered security (Defense in Depth):

$$ \text{Security} = \text{URL Analysis} + \text{Content Analysis} + \text{Behavior Detection} $$

How to integrate external threat intelligence sources like PhishTank
Designing user-friendly security experiences

🔮 What's next for SafeSurf

Integrate LLMs (Ollama) for intelligent threat reasoning
Develop an offline ML model for phishing detection
Add cookie tracking and privacy management
Build a dashboard for threat analytics
Expand detection to malware, trackers, and unsafe downloads
Deploy SafeSurf as a full-scale browser security product

Built With

chrome-extension-api
flask
gemini-api
javascript
manifest

Submitted to

Created by

During this hackathon i worked on SafeSurf which is chrome extension able to detect malicious websites.Nowdays many attacks are carried out with the help of ai and attacks like prompt injection ,api leaks and zero day have increased alot so i wanted to tackle this issue.I am frther more enhancing SafeSurf by providing users with privacy such as cookies tracking which will help users to track wthat type of cookies are being stored in various websites and Offline detection (Such as integrating simple ML model or LLM ollama)

Rutuja Soundale

Updates

Rutuja Soundale started this project — Apr 01, 2026 02:23 PM EDT

Leave feedback in the comments!

Log in or sign up for Devpost to join the conversation.