SNOS AI

SNOS AI is a conversational AI agent platform designed to protect users from digital fraud and online scams. It functions as an active "Digital Private Investigator"

Comment

SNOS AI Project Story

Inspiration Online scams have become an epidemic in Malaysia and across Southeast Asia, causing billions in losses and devastating victims' lives. From Macau scams to deepfake impersonations, fraudsters are leveraging increasingly sophisticated AI technology to manipulate innocent people. We watched as our parents, friends, and neighbors fell victim to government impersonation scams, fake investment schemes, and voice-cloned phone calls - often feeling too embarrassed to report or seek help.

The gap was clear: while scammers embraced cutting-edge AI to deceive, everyday users had no accessible, intelligent tool to protect themselves. Existing security solutions were either too technical, too expensive, or simply passive scanners that lacked the compassionate guidance victims desperately needed. We envisioned a different approach - what if AI could be the shield instead of the sword? What if we could democratize fraud detection and make it as simple as chatting with a trusted friend?

This vision birthed S.N.O.S. AI (Say No to Online Scam AI) - Malaysia's first conversational AI agent that acts as a "Digital Private Investigator," combining forensic analysis with genuine empathy to protect users from digital fraud.

What it does S.N.O.S. AI is a comprehensive anti-scam platform that empowers users to verify suspicious content through natural conversation. Instead of navigating complex security tools, users simply chat with our AI agent and share whatever concerns them - a WhatsApp message, a suspicious phone call, a video that seems too good to be true, or a website link they're unsure about.

Core Capabilities:

  • Multi-Modal Forensic Analysis: Users can submit text messages, images, audio recordings, videos, or URLs. Our AI agent analyzes each medium using specialized detection tools:
  • Deepfake Detection via Reality Defender API for images, videos, and audio
  • URL Scanning via VirusTotal for phishing and malicious website detection
  • Content Analysis using Claude AI to identify social engineering patterns, urgency tactics, and scam indicators
  • Intelligent Investigation Protocol: Like a real investigator, S.N.O.S. AI follows a structured approach: a. Acknowledges the user's concern with empathy b. Gathers context through clarifying questions c. Analyzes content using appropriate forensic tools d. Presents findings with a clear risk assessment (High/Medium/Low) e. Provides actionable guidance tailored to Malaysian authorities and procedures
  • Community-Powered Threat Intelligence: Users can report scams they encounter, creating a crowdsourced database of verified threats. Admin reviewers verify submissions, building a real-time threat intelligence network specific to Malaysian and regional scam patterns.
  • Multi-Lingual Support: Recognizing Malaysia's diverse population, the platform supports English, Bahasa Malaysia, and Chinese Simplified - ensuring no one is left vulnerable due to language barriers.
  • Subscription Plans: From free tier (5 scans/month) for cautious individuals to Enterprise plans with full API access for organizations, S.N.O.S. AI scales to different protection needs.

How we built it We architected S.N.O.S. AI as a full-stack serverless application, prioritizing real-time responsiveness and scalability:

Frontend Architecture:

  • Next.js 15 with App Router for modern React patterns and server-side rendering
  • Shadcn UI component library built on Radix UI for an accessible, beautiful interface
  • Tailwind CSS v4 with a custom "High-Utility Minimalism" design system - pill-shaped buttons, minimal shadows, stark contrast, and content-first layouts
  • next-intl for seamless multi-lingual experiences

Backend Architecture:

  • Convex as our all-in-one backend solution, providing:
  • Real-time database with automatic reactivity
  • Built-in file storage for media uploads
  • Convex Auth with Magic Link (Resend), OTP, and Password providers
  • Convex Agent framework for AI orchestration
  • Anthropic Claude 3.5 Sonnet via Azure Foundry AI as our reasoning engine
  • Vercel AI SDK for streaming AI responses and tool calling

External API Integrations:

  • Reality Defender API: State-of-the-art deepfake detection for images, videos, and audio analysis
  • VirusTotal API: Comprehensive threat intelligence for URL scanning and domain reputation checking
  • Firecrawl API: Web search and content scraping for threat research

Database Schema: We designed a normalized schema with six core tables: users (with role-based access and subscription management), conversations, messages (supporting multi-modal attachments), reports (community submissions), threats (verified fraud database), and news (scam awareness feed).

AI Agent System Prompt: We crafted a detailed system prompt that defines S.N.O.S. AI's identity as a compassionate Digital Private Investigator, with strict guardrails ensuring it only assists with fraud prevention - never off-topic requests. The prompt includes investigation protocols, Malaysian cultural context, ethical guidelines, and structured response templates.

Development Workflow: We followed a phased approach documented in our comprehensive PRD, building foundation first (authentication, database schema), then core features (chat interface, AI integration), followed by advanced capabilities (deepfake detection, admin console). We used ByteRover CLI to synchronize our documentation (design style guide, technical specifications & etc) and knowledge base context data into ByteRover Repo under https://beta-app.byterover.dev/Connesis/snos-ai-agentic/contexts/main

Every component is TypeScript-strict for type safety and documented with JSDoc comments.

Challenges we ran into 1. Convex Auth Integration Complexity: Implementing Convex Auth with multiple providers (Magic Link, OTP, Password) required deep understanding of the authentication flow. We initially struggled with TypeScript errors and module resolution issues, but eventually created a robust setup with custom email templates via Resend and proper user creation callbacks.

2. Frontend-Backend Type Synchronization: With Convex auto-generating TypeScript types in the backend, keeping the frontend in sync was challenging. We developed a custom type syncing workflow and created stub files to ensure seamless type safety across the stack without manual copying errors.

3. Tailwind CSS v4 Migration: Upgrading to Tailwind CSS v4 mid-development introduced breaking changes in configuration patterns. We had to restructure our design tokens system to use the new CSS variable approach, but this ultimately led to a cleaner, more maintainable design system.

4. Multi-Modal Analysis Architecture: Designing the AI agent to intelligently detect content types (text vs URL vs image vs video vs audio) and orchestrate parallel tool calls while maintaining conversational context was architecturally complex. We solved this with a tool selection logic that parses message content and attachment metadata, executing tools concurrently when possible.

5. Real-Time Streaming with Large Media Files: Balancing real-time AI response streaming with potentially large media file processing (videos up to 50MB) required careful workflow design. We implemented asynchronous processing where media is uploaded to Convex Storage, analyzed via external APIs, and results aggregated into the streaming response without blocking the user experience.

6. Malaysian-Specific Scam Pattern Context: Ensuring S.N.O.S. AI truly understood Malaysian fraud landscape - from Macau scams to e-wallet phishing - required extensive prompt engineering and cultural localization beyond simple translation. We embedded Malaysian authority references (PDRM CCID, Bank Negara, MCMC) and local scam patterns directly into the system prompt.

Accomplishments that we're proud of

  1. Complete Foundation Architecture: We successfully built a production-ready foundation with Convex backend fully deployed, Next.js frontend connected, authentication system implemented with three sign-in methods, and a comprehensive design system applied consistently across all components.

  2. Multi-Modal AI Agent Framework: We architected a sophisticated AI agent system that can seamlessly analyze text, URLs, images, videos, and audio - a truly rare capability in the anti-scam space. The agent intelligently orchestrates multiple external APIs while maintaining empathetic, conversational responses.

  3. Compassionate UX Design: Unlike cold, technical security tools, S.N.O.S. AI treats users with warmth and understanding. Our system prompt embeds empathy at its core, recognizing that scam victims often feel embarrassed or violated. The structured response format (Investigation Summary → Risk Assessment → Key Findings → Recommended Actions → Prevention Tips) guides users through anxiety with clarity.

  4. Community-Powered Threat Intelligence: We built a complete reporting and verification system where users become active participants in fraud prevention. Admin tools allow verification of community reports, building a Malaysian-specific threat database that grows more powerful with every verified submission.

  5. Real-Time Collaboration Architecture: Leveraging Convex's real-time database, we achieved instant conversation updates, streaming AI responses, and automatic UI reactivity - creating a fluid, modern chat experience that rivals consumer messaging apps.

  6. Comprehensive Documentation: We produced extensive documentation including PRD, Application Flow diagrams, UI Design Guidelines, Development Plan, System Prompt documentation, and detailed TODO task tracking - ensuring the project is maintainable and scalable long-term.

  7. Type-Safe Full-Stack Application: With TypeScript strict mode throughout and Convex's generated types, we achieved end-to-end type safety from database schema to frontend components, dramatically reducing bugs and improving developer experience.

What we learned

  1. Convex as a Game-Changer for Rapid Development: Traditional backend development with separate database setup, authentication implementation, file storage configuration, and real-time subscriptions would take weeks. Convex collapsed this into days with its all-in-one approach. The automatic reactivity and built-in file storage were particularly transformative for our multi-modal use case.

  2. AI Agent Orchestration Requires Careful Prompt Engineering: Simply connecting Claude API isn't enough - effective AI agent behavior requires meticulous system prompt design. We learned to balance conversational warmth with strict scope guardrails, structure responses consistently, and embed cultural context deeply. The prompt is as critical as the code.

  3. User Empathy Must Be Technical, Not Just Marketing: Building for scam victims taught us that empathy needs to be embedded in the code architecture - from error message phrasing to loading state copy to response structure. Technical decisions about timing, clarity, and accessibility directly impact user trust during vulnerable moments.

  4. Multi-Modal Analysis Is Exponentially Complex: Each content type (text, URL, image, video, audio) requires specialized external APIs, unique validation logic, different error handling, and distinct result interpretation. Orchestrating these in parallel while maintaining conversational coherence stretched our architectural thinking.

  5. Real-Time Streaming Transforms UX Perception: Implementing AI response streaming via Vercel AI SDK dramatically improved perceived responsiveness. Even when actual processing takes 10-15 seconds, users feel engaged watching the response generate token-by-token, reducing anxiety during analysis.

  6. Type Synchronization Across Monorepo Boundaries: Managing type definitions when backend auto-generates them taught us the importance of clear conventions and automated workflows. Our type syncing documentation and stub file approach became critical for team scalability.

  7. Design Systems Require Discipline: Our "High-Utility Minimalism" design philosophy (pill buttons, minimal shadows, stark contrast) created a distinctive identity, but required constant discipline to maintain. Documenting specific patterns (rounded-full for buttons, rounded-md for cards, border hierarchies) in UI Guidelines was essential.

What's next for SNOS AI Phase 2 Enhancements (Months 2-3):

  • Admin Console: Build complete admin dashboard with user management, report review, and threat database moderation
  • Advanced Analytics: Track scam trends, generate threat intelligence reports, and provide insights to Malaysian authorities
  • Enhanced Multi-Lingual AI: Train the AI agent to respond in Malay and Chinese, not just English with translated UI
  • Mobile Optimization: Refine touch interactions, gestures, and mobile-specific UX patterns

Future Vision (6-12 Months):

  • Native Mobile Apps: iOS and Android apps with push notifications for real-time scam alerts
  • Browser Extension: Chrome/Firefox/Safari extensions that auto-scan links and warn about phishing before users click
  • WhatsApp Bot Integration: Allow users to forward suspicious WhatsApp messages directly to S.N.O.S. AI for instant analysis
  • API Marketplace: Open our deepfake detection and threat intelligence APIs for banks, e-commerce platforms, and security companies to integrate
  • Advanced ML Training: Fine-tune custom deepfake detection models specifically for Malaysian and Southeast Asian scam patterns
  • Partnership with Authorities: Collaborate with PDRM CCID and Bank Negara to feed verified threats directly into national scam prevention initiatives

Long-Term Impact Goal: Our mission extends beyond technology - we aim to reduce online fraud victimization in Malaysia by 50% within three years. By democratizing access to AI-powered fraud detection, building community-driven threat intelligence, and partnering with authorities, S.N.O.S. AI will become the first line of defense for millions of Malaysians navigating the digital world safely.

Made with ❤️ to protect users from online scams

Built With

  • anthropic
  • byterover-cli
  • convex
  • cursor
  • nextjs
  • shadcn
  • tailwind
Share this project:

Updates