This is super cool. Tangentially related, I made Ward which analyzes harmful ads: https://tryward.app Blocking them altogether is definitely an elegant solution.
I have a 2-stage agent that analyzes all of the DOM content (including pop up ads). If anything remotely resembles a scam, it passes the DOM content to a second “judge” LLM that’s more powerful and has a ton of criteria for top scam techniques.
The goal of the 2 stage agent is to prevent resource consumption when something isn’t a scam/harmful, and reduce false positives by doing a second pass if something flags.
I’m currently not detecting content from scripts though, just raw HTML at the moment. Good thinking on your side for doing that, I’m gonna throw it in my backlog.
This is pretty cool. I barely use the web UIs for LLMs anymore. Any way you could make a wrapper for Claude Code/Cursor/Gemini CLI? Ideally it works like github push protection in GH advanced security.
In the FBI's 2024 IC3 report, internet crime losses were estimated to be over $16B, with $4.8B attributed directly to individuals 60+. Many people know folks who have gotten hit by Medicare, investment, or tech support scams. You probably can think of someone close to you.
Antivirus programs are antiquated, bloated, and resource intensive and fail to protect users from scam sites. When I had a family member ask me what antivirus to buy for web threats I couldn't recommend anything.
We launched Ward to try and address this problem for our family members, but realized quickly it can help basically any non-savvy internet user - elders, children, non-technical folks, etc. It uses Gemini Nano in the browser under the hood for scanning the DOM and URL for anything suspicious, and has a cloud-enabled mode for supporting less capable hardware like Chromebooks.
We're currently open source and are looking for any and all feedback and testers. We're free in our beta with a high soft quota. When a threat is detected, the user will immediately be directed to stop and click the extension for details, blocking the scam from proceeding.
There's prob not many people on HN who would fall for these, but would you pay for this for peace of mind for a loved one?
Very neat - I imagine you could even use this as a web scanner to identify security misconfigurations in API implementations (e.g. broken access control)
We’re building Ward, a security browser extension that uses Gemini Nano, an on-device LLM, to scan for phishing, scams, and other threats from the DOM.
Think of an antivirus for everyday web users, like young children, older adults, and less savvy individuals.
We recently participated in the Google Chrome Built-in AI Challenge 2025 and have submitted to the Chrome Web Store.
We’re looking to meet people who may know someone Ward is good for and would want to provide feedback. Alternatively, we’d love to chat with any IT Managers/Directors of Security/Google Apps Admins who would be interested in piloting us as an anti-phishing enterprise solution.
You can DM or hit me at fitzgeraldcedric(AT)gmail.com :)
Ooh, good idea. It started as a question: "How do we make this thing the most private?" and the obvious answer was using offline local device LLMs (e.g. Prompt API/Gemini Nano).
Will poke around and see if there's interest here, thank you!
Is this a shocker? In the cloud, you pay for convenience. This is basically running your own Kubernetes cluster. Right for the right teams (highly technical infra engineers).
I’ve been casually getting into thrifting and realized pretty quickly that Lens is super limited in its functionality and is mostly a shopping app. I put a site together that is like a supercharged version of Lens for thrifters where you can get info on price, demand, and condition. Share function is borked atm tho
GPT-5, announced today, follows the same pattern we've seen from OpenAI these past few releases - better model cards, faster inference, lower costs.
And yet it still uses the em dash (—), or long hyphen, far more frequently than is found in typical written communication.
Is OpenAI "locked in" to the em dash as a result of its use of unsupervised training of model outputs on their subsequent models? Or are they willingly keeping it now a signature part of their brand?
It seems odd for them to continue to produce "AI-sounding" text from their newest model's default prompt - but at least it makes it easier to identify AI-generated content.
