ScamShield is a fraud detection REST API built for the AMD Developer Hackathon: ACT II. It analyzes text, URLs, documents, and images for phishing, social engineering, and tampering using a hybrid AI router that balances cost, speed, and accuracy. The system runs entirely on AMD infrastructure. LLM inference is routed through Fireworks AI on AMD Instinct GPUs — DeepSeek V4 Flash for text analysis and Minimax M3 for vision analysis — with a free local Ollama fallback (Gemma 4 12B) for offline use. The entire codebase is built around Google Gemma 4 31B IT as the primary model; the router always attempts Gemma first and falls back automatically when access isn't available on the current API tier, requiring zero code changes once that access is granted. Beyond AI-based analysis, ScamShield includes a 9-probe forensics engine that runs entirely offline: LSB steganography detection, histogram analysis, appended-data detection, file entropy scoring, Word VBA macro extraction, PDF JavaScript scanning, threat-keyword matching, EXIF metadata checks, and file signature verification. This engine is adapted from a production Telegram bot already used in real classrooms for cybersecurity education. A Levenshtein-based typosquatting engine specifically protects users of Central Asian banks — Kapitalbank, Click, Payme, Uzcard, and Humo — catching lookalike domains like kap1talbank.uz that standard blacklists miss. The entire project was rebuilt from an earlier multi-agent prototype into a clean, dependency-free FastAPI service, fully containerized and published publicly on GitHub Container Registry — reviewers can pull and run it with a single Docker command, no source build required. Team: NYX Sec — Jasur Mahkamov, Fergana Valley, Uzbekistan.
Category tags: