• Social Media Safety Score — Automatically verify your Facebook, Instagram,
X, LinkedIn, and TikTok security settings (2FA, privacy, DMs, location)
when you visit their settings pages. No manual self-assessment needed.

• Zero-Day Phishing Detection — New heuristics catch minimal credential
harvesters, fake MFA pages, subdomain bait, QR-code quishing, and
late-injected SPA forms that bypass traditional blocklists.

• Behavioral Exfiltration Monitor — Detects fetch, sendBeacon, XMLHttpRequest,
and rapid pushState abuse used by modern phishing kits.

• Privacy Mode Enforcement — STRICT mode now redacts threat payloads and
URL hashes. FORTRESS mode suppresses all telemetry and heartbeats.

• Held-Out Detection Benchmark — 88.9% STANDARD / 100% AGGRESSIVE
catch rate on unseen threats with 0% false positives on benign flows.

Improvements:
• Reduced permission surface — 'management' is now an optional permission
• LRU cache eviction prevents memory growth on long sessions