WADE: A Browser Intrusion Defense System Based on Generative AI and OSINT Threat Intelligence

WADE is an innovative browser intrusion defense system that integrates Groq Llama-3, Google Gemini large language models and multi-source OSINT threat intelligence. It provides real-time zero-day phishing website detection, malicious script identification and social engineering attack protection, aiming to offer users proactive, real-time cybersecurity defense.

In the digital age, phishing, malicious scripts and social engineering attacks are major threats to ordinary users. Traditional antivirus software and firewalls can only intercept attacks after they occur, and are ineffective against zero-day attacks and sophisticated phishing websites. Statistics show over 90% of cyber attacks start with phishing emails or malicious links, putting users at risk the moment they click a link.

WADE adopts a three-layer architecture:

1. Edge Perception Layer: Chrome extension based on Manifest V3, which intercepts navigation requests in real time before page loading.
2. Smart Core Layer: FastAPI backend deployed on Hugging Face, integrating Groq Llama 3.3 70B and Google Gemini 1.5 Flash models for multi-model collaborative analysis.
3. Visualization Layer: Glass-morphic dashboard with CSS3 3D effects, displaying security telemetry data, threat logs and history.

WADE's detection process combines OSINT and AI:

1. Multi-source OSINT Integration: Queries VirusTotal v3 API, URLHaus and Phishing.Database for URL historical records and community ratings.
2. Generative AI Deep Analysis: For gray-area URLs, Llama 3.3 70B and Gemini 1.5 Flash analyze domain credibility, content semantics, phishing features and social engineering话术 via cross-validation.
3. Real-time Response: URLs with risk score >75% trigger isolation, showing a warning page with detailed reports (suspicious code, domain anomalies, SSL issues).

1. Hover Preview Risk Assessment: Millisecond-level risk evaluation when hovering over links, displaying risk level indicators.
2. AI-driven Forensics: Generates natural language reports explaining threat reasons for blocked URLs.
3. Privacy Protection: Uses local cache for common URLs; no browsing history storage; sensitive data cleared from memory quickly.

1. Browser Extension: Manifest V3, JavaScript content scripts/service workers, CSS3 glass UI.
2. Backend: FastAPI async model, SQLite3 cache, RESTful APIs (health check, model query, URL prediction).
3. AI Collaboration: Weighted voting mechanism—Llama3.3 for complex reasoning, Gemini1.5 Flash for speed/multimodal capabilities.

Deployment steps:

1. Clone code repository.
2. Configure GROQ, GEMINI and VIRUSTOTAL API keys.
3. Start FastAPI backend service.
4. Load extension via Chrome developer mode.

License: MIT open source, allowing free modification and secondary development.

WADE represents the evolution of cybersecurity to AI-native solutions, which understand attack semantics and have stronger generalization than traditional signature-based tools. Future applications may expand to email clients and IM tools for all-round protection. Its open source nature provides a collaborative platform for the security community to advance collective defense.