Inspiration
Email phishing attacks cost organizations billions annually, yet traditional security solutions are often slow, expensive, and privacy-invasive. I was inspired by the challenge of creating real-time phishing detection that's both lightning-fast and privacy-preserving. The availability of NVIDIA L4 GPUs on Google Cloud Run presented the perfect opportunity to build an AI-powered solution that could analyze email semantics in milliseconds without storing sensitive data.
What it does
ParsePhish is a serverless email phishing detection API that combines transformer embeddings with GPU-accelerated similarity search to identify malicious emails in under 200ms. Users send email content via REST API, and ParsePhish returns:
- Risk score (0-1) indicating phishing probability
- Suspect phrases found in the content
- Clear verdict (legitimate, suspicious, or phishing detected)
The API processes text semantically using AI, going beyond simple keyword matching to understand context and intent - detecting sophisticated phishing attempts that traditional filters miss.
How we built it
- FastAPI backend deployed on Google Cloud Run with NVIDIA L4 GPUs
- SentenceTransformers (
intfloat/e5-small-v2) for GPU-accelerated 384-dimensional text embeddings - FAISS (Facebook AI Similarity Search) for high-speed similarity search against known phishing patterns
- Python container optimized for Cloud Build compatibility
AI Pipeline:
- Text normalization and preprocessing
- GPU-accelerated transformer embedding generation
- FAISS similarity search against training corpus
- Intelligent scoring combining similarity votes with pattern matching
- Real-time response with explanatory details
Cloud Run Configuration:
- 16Gi memory + 4 vCPUs for GPU instances
- Scale-to-zero for cost efficiency
- HTTPS-only with automatic TLS
Challenges we ran into
Model Loading Performance: Cold starts took 30-60 seconds for transformer model initialization. To avoid this, I implemented lazy loading with global model caching to avoid reloading models between requests, added proper error handling and fallback mechanisms, and optimized the initialization sequence to reduce subsequent warm startup times.
Docker Build Issues: Initially I used NVIDIA CUDA base images that weren't compatible with Cloud Build. Instead, I switched to to a python base container and relied on Cloud Run's GPU runtime.
Accomplishments that we're proud of
- Fast Response Time: Achieved phishing detection with GPU acceleration for warm requests
- Privacy-First Design: Zero data persistence - all analysis happens in-memory only
- Accurate Detection: Successfully identifies phishing patterns vs legitimate emails with clear scoring
- Deployment Ready: Automated deployment scripts and comprehensive documentation
- Cost-Optimized: Scale-to-zero serverless architecture with intelligent resource management
- Semantic Understanding: Goes beyond keywords to understand context and intent using transformer embeddings
What we learned
By building ParsePhish, I discovered the power of combining Cloud Run's scaling with GPU-accelerated inference. Being able to deploy AI models as part of serverless apps opens up opportunities in creating privacy-centric services and self-deployable apps that were previously not possible due to cost and difficulty maintaining infrastructure. One of the biggest things I learned as part of my implementation was performance optimization for serverless apps that use AI, as you must balance accuracy with the need to cope with cold/warm starts while still minimizing cost.
What's next for ParsePhish - Serverless AI-powered phishing detection
- One-click deploys to Google Cloud. I would love to add a button to the README and this project page that lets users deploy with one click, but the current Cloud Run button would be confusing to users because of regional GPU availability and the GPU quota approval process.
- Enterprise Features: Add batch processing, custom training on organization-specific data, and compliance reporting
- API Integrations: Build connectors for popular email providers (Gmail, Outlook, ProtonMail)
- Multi-Language Support: Expand beyond English to detect phishing in multiple languages and character sets
Built With
- faiss
- google-cloud
- google-cloud-run
- python
Log in or sign up for Devpost to join the conversation.