Sekant Web Security Autor: Sekant Security

Sekant secures the browser using client-side models to detect threats in real-time. It covers 4 major use-cases:
1) Phishing Detection
2) ClickFix Prevention
3) Block Unsafe Downloads
4) Shadow AI Monitoring

Phishing Detection:
It includes 5 ML/AI models that work together to generate a phishing verdict (Suspicious or Unsafe). The 5 models cover -- URL, Content, Reputation, Brand, Vision. The Vision model uses a deep-learning model, so the extension embeds a runtime engine for evaluating this models.

Users are notified on suspicious and unsafe sites via a popup notification. Users can also configure a setting to lock "Unsafe" pages via the options page, in case they are worried about missing a notification. They are still able to unlock pages by clicking on the notification button.

Users can also perform further investigation of the suspicious / unsafe site by clicking "Further Investigate" which looks up the site on various threat intelligence websites (e.g. VirusTotal).

ClickFix Prevention:
It monitors all clipboard copy & cut events and analyzes them for potential malicious Powershell / Shell scripts. If malicious scripts are detected, it will warn the user and generate a detailed report in a new tab that explains the threat.

Block Unsafe Downloads:
Sekant utilizes an embedded YARA engine written in JavaScript to scan critical sections of the file in real-time—canceling unsafe downloads before they ever touch the operating system. Admins can customize the rules utilized based on company policy or threat research.

Shadow AI Monitoring:
Sekant utilizes behavior analysis to identify AI chatbot pages and monitors user prompts, data paste events and file uploads to such sites. Users are warned in real-time when they paste data or upload files, to avoid potential data loss. In addition, network requests to these sites are also logged to enable prompt extraction for forensic analysis if required.