Show HN: Stingray Security – In-browser AI checking for phishing and scams
chromewebstore.google.comThis Chrome extension was born from one simple realization: phishing drives over 90% of breaches, yet our main defences are outdated. Security awareness training and periodic phishing tests have nebulous effect and blocklists are always behind (especially against sites using bot protection to hide from scanners.)
With a torrent of vibe-coded phishing sites emerging, we need smarter tools. I figured the best place to detect a phishing site is right when you're on one. Therefore, this extension runs a lightweight AI agent in your browser that scans any new, unpopular sites you visit in real time. how are you determining if it's a phishing site? It's triggered on certain events, like a download or rendering a password field. First off it checks if you're on a domain thats "green" (safe/popular). for the top 100k domains (should be about 90% of browsing) that's just locally loaded and the page doesn't do anything. From there, there's a bunch of heuristics to see if it's on a flagged page. If it's not, so "unknown" a local ML model will run against the text of the page to see if it fits the patterns of a phishing page. It was training on available datasets and shipped with the extension, so it does the checks in-browser against what it sees in an unknonwn situation.