Zero-Trust Web Guardian

A dual-layer AI security shield powered by ASI-1. It proactively quarantines zero-day phishing in the browser and autonomously blocks live network threats on the server in real-time.

Comment

πŸ’‘ Inspiration

The traditional cybersecurity model is broken. Legacy antivirus extensions rely on static blocklists (URLs and known signatures). But in today’s world, scammers spin up new phishing domains in minutes, making blocklists obsolete almost instantly. We realized that to truly protect users and servers, security shouldn't rely on what a link is, but rather what its intent is. Inspired by the "Zero-Trust" enterprise architecture, we wanted to bring that same paranoid, AI-driven contextual security directly to the user's browser and the company's backend.

βš™οΈ What it does

Zero-Trust Guardian is a proactive, dual-layer AI security ecosystem:

  1. The Browser Shield (Proactive Quarantine): A Chrome Extension that silently scans newly loaded webpages in the background. If it detects social engineering or phishing (e.g., asking for crypto seed phrases), it executes a "Zero-Click Quarantine," freezing the DOM and locking the user out of the page before they can make a mistake.
  2. The Autonomous Agent (Backend Defense): A Python daemon that continuously monitors live server traffic (server_logs.json). It uses AI to analyze network anomalies in real-time, successfully differentiating between benign user activity and malicious intent (like Port Scans or Brute Force attempts), blocking threats autonomously.

πŸ› οΈ How we built it

We engineered the system using a highly decoupled architecture:

  • Client-Side: Built using Chrome Extension Manifest V3. We utilized chrome.scripting to extract rendered DOM text and inject our Quarantine UI overlay.
  • Server-Side Engine: Built with Python and FastAPI to handle requests asynchronously, ensuring the browser UX remains lightning-fast.
  • The Brain (ASI-1): We integrated the ASI-1 API (/v1/chat/completions) as our core intelligence engine. By using strict system prompts, we forced the LLM to act as a deterministic security analyst, outputting strict JSON formats.

The Mathematics of Contextual Trust

Instead of simple keyword matching, our system relies on the ASI-1 model to dynamically evaluate the probability of malicious intent. Conceptually, the AI evaluates the page based on a dynamic risk function:

$$\text{Trust Score} = 100 - \left( \sum_{i=1}^{n} w_i \cdot I_i \right)$$

Where $I_i$ represents specific threat indicators (e.g., urgency, credential harvesting, domain spoofing) and $w_i$ represents the contextual weight of that threat assigned by the AI. If the $\text{Trust Score} < 30$, the system triggers the $O(1)$ quarantine protocol.

🚧 Challenges we ran into

  • Manifest V3 Network Restrictions: Moving to Manifest V3 meant dealing with strict background service worker lifecycles and CORS issues (Failed to fetch errors). We had to carefully configure host_permissions to allow seamless communication with our local FastAPI server.
  • AI Latency vs. User Experience: Waiting for an LLM to respond can take 1-3 seconds, which is an eternity in web browsing. We solved this by making our scanning asynchronous and limiting payload sizes (scraping only the first 3000 characters).
  • The "Zero-Click" Freeze: Figuring out how to completely neutralize a malicious webpage without crashing the browser required deep DOM manipulation (pointer-events: none and fixed z-index overlays).

πŸ† Accomplishments that we're proud of

  • Successfully integrating the ASI-1 API to return consistent, parsable JSON without hallucinating extra markdown.
  • Achieving a true "Zero-Click" quarantine where the user is protected proactively without needing to click an "Analyze" button.
  • Bridging the gap between frontend web security and backend server log monitoring in a single hackathon sprint.

πŸ“š What we learned

We learned that Generative AI is profoundly better at understanding the intent of a cyberattack than traditional Regex is at matching keywords. We also gained deep hands-on experience with Chrome's Manifest V3 service workers, asynchronous Python (FastAPI), and prompt engineering for strict data structuring.

πŸš€ What's next for Zero-Trust Guardian

  • Multimodal Vision Scanning: Upgrading the AI to read text hidden inside images (OCR) to prevent obfuscation attacks.
  • Active Firewall Integration: Connecting the backend Agent directly to iptables or Cloudflare APIs to automatically drop packets from IPs flagged by the AI.
  • Enterprise Dashboard: Building a React-based web app for security teams to monitor blocked threats and trust score analytics in real-time.

Built With

Share this project:

Updates