Desant Security is a cybersecurity company headquartered in Winterthur, Switzerland, building AI-powered tools that detect and mitigate phishing threats in real time.

Founded by Cristian Cornea — IT Security Analyst, Incident Responder, and Detection Engineer — Desant develops practical, scalable security AI that protects individuals and enterprises without compromising privacy.

What We Do

We train and deploy machine learning models that analyze web page screenshots to identify phishing login pages — catching credential-theft attempts before users interact with them.

Our models power the Desant Phishing Detector browser extension for Google Chrome and Microsoft Edge, delivering on-demand phishing verdicts in under 50ms.

Key Principles

• Privacy First — Data processed in Switzerland and Germany. GDPR compliant. Short data retention.
• Real-Time Detection — Sub-50ms inference for instant phishing alerts.
• Continuous Improvement — Models regularly retrained on fresh phishing campaigns from PhishTank, OpenPhish, URLhaus, and AlienVault OTX.
• Edge to Cloud — From 2.9 MB on-device Edge TPU models to full-precision cloud classifiers, covering the entire deployment spectrum.

Models

Cloud Model — CLIP ViT-B/32  

Our primary classifier uses a frozen OpenAI CLIP ViT-B/32 vision encoder with a custom 3-layer MLP head, fine-tuned on thousands of real phishing and legitimate login page screenshots. This model delivers the highest accuracy and powers our cloud API and browser extension backend.

Input Image (screenshot)
    │
    ▼
┌─────────────────────────┐
│   OpenCLIP ViT-B/32     │  ← Frozen pre-trained encoder
│   Vision Encoder        │
└────────┬────────────────┘
         │ 512-dim features
         ▼
┌─────────────────────────┐
│   Classifier Head       │
│   Linear(512 → 512)     │
│   Linear(512 → 128)     │
│   Linear(128 → 2)       │  ← [safe, malicious]
└────────┬────────────────┘
         │
         ▼
    Softmax → Probability

Edge Model — MobileNetV2 INT8 for Google Coral  

A knowledge-distilled MobileNetV2 student model, fully quantized to INT8 and compiled for the Google Coral Edge TPU. All 68 operators run entirely on the TPU with zero CPU fallback — designed for air-gapped deployments, IoT security appliances, and Raspberry Pi edge nodes.

Datasets

Spaces

Products

Desant Phishing Detector — Browser Extension  

Free browser extension for Google Chrome and Microsoft Edge that analyzes suspicious login pages on demand. Click "Analyze" on any authentication page and receive an instant SAFE or MALICIOUS verdict.

Erna CyberOps Platform  

Enterprise-grade phishing detection API with JWT authentication, CSRF protection, and batch inference capabilities. Integrates into SOC workflows, SIEM pipelines, and custom security tools.

Technical Approach

Our phishing detection pipeline analyzes visual patterns in web page screenshots rather than relying solely on URL heuristics or blocklists:

┌──────────────┐     ┌──────────────┐     ┌──────────────┐     ┌──────────────┐
│  1. Capture   │ ──▶ │ 2. Preprocess │ ──▶ │  3. Infer     │ ──▶ │  4. Verdict   │
│  Screenshot   │     │  Resize+Pad   │     │  CLIP/MobileN │     │  SAFE or MAL  │
└──────────────┘     └──────────────┘     └──────────────┘     └──────────────┘

This vision-based approach catches phishing pages that evade traditional URL/domain-based detection, including homograph attacks, compromised legitimate domains, and novel phishing kits.

Training Data Sources

Our models are trained on real-world phishing data from established threat intelligence feeds:

Safe/legitimate samples include real login pages from major services (Google, Microsoft, banking portals), search engines, and general web content.