An Autonomous Cognitive Firewall & Threat Intelligence Engine
"Security today protects devices. Scams attack humans. BlockSafe protects the human decision layer."
Spam filters block links. Antivirus blocks malware. But neither stops a human from making an irreversible decision when manipulated by fear, urgency, or authority.
Scams succeed in the 30โ90 seconds of panic before a user realizes they are being deceived.
BlockSafe is not a spam filter. It is an Autonomous Cognitive Firewall. It intervenes before the user acts, neutralizes the attacker through controlled honeypot engagement, and converts every attack into a high-fidelity intelligence dataset.
- ๐ง Cognitive Risk Engine: Detects psychological manipulation (urgency, fear, authority) rather than just keyword matching.
- ๐ Pre-Action Intervention: Pauses outgoing risky messages and provides users with a calm, persuasive explanation of the threat.
- ๐ค Autonomous Honeypot: Takes over the conversation from the user via our Telegram Bot, deploying delay tactics to extract threat intelligence from the scammer.
- ๐ Conversation Continuity: Uses Supabase to maintain state, ensuring the AI remembers context throughout the engagement.
- ๐ Threat Intelligence Command Center: A React dashboard to monitor live attacks, network risk scores, and threat distribution.
- ๐ญ Dataset Generation Engine: Automatically formats neutralized honeypot engagements into ML-ready datasets (Threat Intel JSON & Fine-Tuning JSONL).
BlockSafe is built using a highly decoupled, asynchronous microservice architecture, utilizing Groq's LPUs for sub-second inference with a high-availability fallback to DeepSeek.
---
id: 1536703f-d656-4a1a-8075-bba44db560a7
---
graph TD
classDef user fill:#ff9999,stroke:#333,stroke-width:2px;
classDef bot fill:#2CA5E0,stroke:#333,stroke-width:2px,color:#fff;
classDef backend fill:#005571,stroke:#333,stroke-width:2px,color:#fff;
classDef ai fill:#f9a826,stroke:#333,stroke-width:2px;
classDef db fill:#3ECF8E,stroke:#333,stroke-width:2px;
classDef frontend fill:#20232a,stroke:#333,stroke-width:2px,color:#61dafb;
A[๐ฆนโโ๏ธ Scammer/Attacker]:::user -->|Sends Scam Message| B(๐ฑ Telegram Bot UI):::bot
B -->|Shield Mode API Call| C{โ๏ธ FastAPI Backend\nCognitive Risk Engine}:::backend
C -->|High Risk Detected| D[๐ง LangGraph Swarm\nMulti-Agent Routing]:::ai
D <-->|Primary Inference| G((๐ Groq: Llama-3.3-70B)):::ai
D <-->|HA Fallback| DS((๐ DeepSeek-V3)):::ai
D -->|Extract & Update State| F[(๐๏ธ Supabase DB)]:::db
F -->|Conversation History| D
B -->|User Clicks 'Engage Honeypot'| D
D -->|AI Generated Delay Tactic| B
B -->|Replies to Scammer| A
F -->|Real-Time Analytics| H[๐ป React Admin Dashboard]:::frontend
H -->|Export Button| I[๐ Threat Intel JSONL]:::frontend
- Backend Engine: Python, FastAPI, LangGraph, LangChain
- Primary AI Inference: Groq (
llama-3.3-70b-versatile) for ultra-low latency. - Fallback AI Inference: DeepSeek (
deepseek-chat) for high-availability redundancy. - State Management: Supabase (PostgreSQL)
- Frontend Intervention:
python-telegram-bot(Async API) - Command Center UI: React, Vite, Tailwind CSS, Recharts
- Infrastructure: Docker & Docker Compose (Ready for Render Deployment)
BlockSafe is fully containerized into three distinct microservices. You can spin up the entire ecosystem on your local machine using Docker.
- Docker Desktop installed and running.
- A Telegram Bot Token (from @BotFather).
- Supabase API URL and Service Role Key.
- API Keys for Groq and DeepSeek.
Clone the repository and set up your environment variables:
git clone [https://github.com/bhargava562/block-safe.git](https://github.com/bhargava562/block-safe.git)
cd block-safe
Create a .env file in the server/ directory using the provided template:
# โโโโโโโโโโโโโโโโโโโโโโโ REQUIRED โโโโโโโโโโโโโโโโโโโโโโโ
API_AUTH_KEY=your-secure-api-key-here
# โโโโโโโโโโโโโโโโโโโโโโโ AI API KEYS โโโโโโโโโโโโโโโโโโโโโโโ
GROQ_API_KEY=your-groq-api-key-here
DEEPSEEK_API_KEY=your-deepseek-api-key-here
# โโโโโโโโโโโโโโโโโโโโโโโ SUPABASE (State) โโโโโโโโโโโโโโโ
SUPABASE_URL=your-project-url.supabase.co
SUPABASE_SERVICE_KEY=your-service-role-key-here
# โโโโโโโโโโโโโโโโโโโโโโโ MODEL NAMES โโโโโโโโโโโโโโโโโโโโ
GROQ_MODEL=llama-3.3-70b-versatile
DEEPSEEK_MODEL=deepseek-chat
# โโโโโโโโโโโโโโโโโโโโโโโ HONEYPOT Configuration โโโโโโโโโ
HONEYPOT_MAX_TURNS=5
HONEYPOT_CONFIDENCE_THRESHOLD=0.85
Run Docker Compose to build and start all three services (FastAPI, Telegram Bot, and React Dashboard):
docker-compose up --build
- ๐ FastAPI Swagger Docs:
http://localhost:8000/docs - ๐ฑ Telegram Bot: Open Telegram and message your bot to trigger the Cognitive Firewall.
- ๐ป Admin Dashboard:
http://localhost:5173(View live threats and export datasets).
Our vision is to evolve BlockSafe from a conceptual Telegram demo into a ubiquitous, multi-channel cognitive firewall. Here is the roadmap for the next phase of development:
- ๐ฑ Native OS-Level Integration: Transitioning from a bot interface to a background daemon/accessibility service (Android/iOS) that intercepts malicious notifications directly from WhatsApp, SMS, and native apps before the user even opens them.
- ๐๏ธ Multimodal Voice Shield: Integrating ultra-low-latency, on-device Whisper models to analyze live scam calls. BlockSafe will detect AI voice cloning, urgency manipulation, and authority impersonation in real-time, with the ability to inject an audio warning or autonomously take over the call.
- ๐ง Enterprise Email Defense: Expanding the cognitive risk engine to parse inbound phishing emails. This includes injecting pre-action HTML intervention banners directly into the inbox and deploying automated honeypot email threads to exhaust the attacker's server infrastructure.
- ๐ Global Threat Intelligence Grid: Automating the export of our
Scam Strategy Fingerprints (SSF)via webhooks directly to banking APIs, telecom providers (like Airtel/Jio), and regulatory bodies (e.g., CERT-In) to establish a collective, pre-emptive defense network.
Built with โค๏ธ and โ during a 24-hour hackathon by:
- Bhargava A
- Bhaargav K.C
- Dinesh Karthik L
- Hari Prasanth T.S