Spaces:

desant-ai
/

README

Running

App Files Files Community

README / README.md

Cristi

style: apply CyberShield theme to org card

1d1cee6 about 2 months ago

preview code

raw

history blame contribute delete

9.56 kB

metadata

title: Desant AI
emoji: 🛡️
colorFrom: blue
colorTo: green
sdk: static
pinned: false

Desant AI

AI-Powered Phishing Detection at the Edge and in the Cloud

Desant Security is a cybersecurity company headquartered in Winterthur, Switzerland, building AI-powered tools that detect and mitigate phishing threats in real time.

Founded by Cristian Cornea — IT Security Analyst, Incident Responder, and Detection Engineer — Desant develops practical, scalable security AI that protects individuals and enterprises without compromising privacy.

What We Do

We train and deploy machine learning models that analyze web page screenshots to identify phishing login pages — catching credential-theft attempts before users interact with them.

Our models power the Desant Phishing Detector browser extension for Google Chrome and Microsoft Edge, delivering on-demand phishing verdicts in under 50ms.

Key Principles

Privacy First — Data processed in Switzerland and Germany. GDPR compliant. Short data retention.
Real-Time Detection — Sub-50ms inference for instant phishing alerts.
Continuous Improvement — Models regularly retrained on fresh phishing campaigns from PhishTank, OpenPhish, URLhaus, and AlienVault OTX.
Edge to Cloud — From 2.9 MB on-device Edge TPU models to full-precision cloud classifiers, covering the entire deployment spectrum.

Models

Model	Architecture	Size	Target	Accuracy
`desant-phishing-inference`	CLIP ViT-B/32 + MLP	~335 MB	GPU / CPU (cloud)	92–96%
`desant-phishing-detector-google-coral-int8`	MobileNetV2 INT8	2.93 MB	Google Coral Edge TPU	~89%

Cloud Model — CLIP ViT-B/32

Our primary classifier uses a frozen OpenAI CLIP ViT-B/32 vision encoder with a custom 3-layer MLP head, fine-tuned on thousands of real phishing and legitimate login page screenshots. This model delivers the highest accuracy and powers our cloud API and browser extension backend.

Input Image (screenshot)
    │
    ▼
┌─────────────────────────┐
│   OpenCLIP ViT-B/32     │  ← Frozen pre-trained encoder
│   Vision Encoder        │
└────────┬────────────────┘
         │ 512-dim features
         ▼
┌─────────────────────────┐
│   Classifier Head       │
│   Linear(512 → 512)     │
│   Linear(512 → 128)     │
│   Linear(128 → 2)       │  ← [safe, malicious]
└────────┬────────────────┘
         │
         ▼
    Softmax → Probability

Edge Model — MobileNetV2 INT8 for Google Coral

A knowledge-distilled MobileNetV2 student model, fully quantized to INT8 and compiled for the Google Coral Edge TPU. All 68 operators run entirely on the TPU with zero CPU fallback — designed for air-gapped deployments, IoT security appliances, and Raspberry Pi edge nodes.

Datasets

Dataset	Description
`LoginPagePhishingVsBenign-2026`	Curated phishing vs. legitimate login page screenshots for training and evaluation

Spaces

Space	Description
`Desant Phishing Detection`	Interactive demo — upload any screenshot and get a phishing verdict with confidence score

Products

Desant Phishing Detector — Browser Extension

Free browser extension for Google Chrome and Microsoft Edge that analyzes suspicious login pages on demand. Click "Analyze" on any authentication page and receive an instant SAFE or MALICIOUS verdict.

Erna CyberOps Platform

Enterprise-grade phishing detection API with JWT authentication, CSRF protection, and batch inference capabilities. Integrates into SOC workflows, SIEM pipelines, and custom security tools.

Technical Approach

Our phishing detection pipeline analyzes visual patterns in web page screenshots rather than relying solely on URL heuristics or blocklists:

┌──────────────┐     ┌──────────────┐     ┌──────────────┐     ┌──────────────┐
│  1. Capture   │ ──▶ │ 2. Preprocess │ ──▶ │  3. Infer     │ ──▶ │  4. Verdict   │
│  Screenshot   │     │  Resize+Pad   │     │  CLIP/MobileN │     │  SAFE or MAL  │
└──────────────┘     └──────────────┘     └──────────────┘     └──────────────┘

This vision-based approach catches phishing pages that evade traditional URL/domain-based detection, including homograph attacks, compromised legitimate domains, and novel phishing kits.

Training Data Sources

Our models are trained on real-world phishing data from established threat intelligence feeds:

Source	Type
PhishTank	Community-verified phishing URLs
OpenPhish	Automated phishing intelligence
URLhaus (Abuse.ch)	Malware and phishing URL tracker
AlienVault OTX	Open threat exchange

Safe/legitimate samples include real login pages from major services (Google, Microsoft, banking portals), search engines, and general web content.

Desant Security · Winterthur, Switzerland