The problem Phishing is still the top entry point for cyberattacks, and modern phishing no longer looks like phishing. It is personalized, well written, and plausible. Worse, the tools meant to protect us do not explain themselves. A spam filter silently files a message away, so the user never learns which parts were dangerous, why, or what to do next. Security expertise does not scale to every inbox, and a binary label does not create it. The solution CyberShield AI is an explainable threat analysis workspace. The pipeline is: message input, AI classification, risk score and threat type, explainability layer, highlighted indicators, recommended response. Paste a suspicious message and a terminal panel streams the analysis live. The verdict appears with a risk ring and confidence bar. Then the key moment: the original message reappears with every suspicious fragment highlighted in place. Hover any highlight to see exactly why it was flagged, whether a look-alike domain, a credential request, or manufactured urgency. Concrete actions follow: quarantine, block sender, reset credentials, report. Use of Fireworks AI Fireworks is our entire inference backbone. DeepSeek V4 Flash is the primary analyst, chosen because our task is classification plus evidence extraction plus reasoning in one call. We use Fireworks structured JSON outputs to force every response into a strict schema, giving fine-tune-grade reliability without fine-tuning. A second model, GPT-OSS 120B, acts as an LLM judge: it reviews the draft verdict, corrects the risk score, and drops any indicator not present verbatim in the message. Use of AMD Every inference call runs on AMD MI300X GPUs via Fireworks. The MI300X memory capacity is what makes serving a 120B judge model affordable, which is what makes our two-model architecture possible. Because we built on open-weight models, our enterprise roadmap is private on-premise deployment on customer-owned AMD GPUs, so sensitive email never leaves their network.
Category tags: