CyberCTRL | Devpost

Project/extension icon

Problem

Developers unknowingly copy-paste or install malicious code, APIs, and libraries, leading to security breaches, financial loss, and compromised systems. Existing security tools focus on post-infection detection, but no solution prevents developers from using bad code in real time.

Solution

CyberCTRL is an AI-powered browser extension that proactively warns developers before they:

Copy suspicious code snippets 📜
Install compromised NPM/PyPi/Maven packages 📦
Use phishing-based fake APIs 🔗

Product

CyberCTRL offers real-time security analysis with features such as:

API & Package Trust Score – Assesses trustworthiness using open-source reputation, commit history, and package behaviors.
Code Snippet Checker – Scans copied code for obfuscation, hidden eval() calls, and crypto-miners.
Fake Docs & Typosquatting Protection – Prevents use of fake API docs and typo-squatted packages.
DevOps & CI/CD Integration – Scans dependencies before builds and integrates with GitHub Actions.
Privacy-Preserving – Works fully locally, ensuring no external code exposure.

Market Size

The global cybersecurity market is projected to reach $266B by 2027, growing at a compound annual growth rate of 10%. Our focus is on:

27M+ software developers worldwide
Enterprises with security-sensitive teams (Fintech, Banking, DevOps, Consultancy Services etc.)
Open-source projects and package maintainers

Total Addressable Market (TAM):

This represents the global market of developers who could potentially benefit from CyberCTRL.

Total Software Developers (2024): ~29.6 million worldwide (Source: Evans Data Corporation)

Market Growth Rate: Expected to reach 45 million by 2030

Relevant Segments:

Frontend & Backend Devs
DevOps Engineers
Sysadmins & Security Teams
Fintech & Banking Engineers
AI & ML Developers

Estimated TAM = 29.6M developers × Average security spend per dev ($50-$200/year) = $1.5B - $5.9B annually

Serviceable Available Market (SAM):

This is the subset of developers who actively need security tools for package validation & anti-phishing.

DevOps + Security Developers (~6M devs)
Web & Backend Developers using NPM, PyPi, Apache Maven (~15M devs)
Fintech & Banking Software Engineers (~1M devs)
Estimated SAM = 10M - 15M developers × $50-$200/year = $500M - $3B annually

Serviceable Obtainable Market (SOM):

This is the realistic market share CyberCTRL can capture in its early years.

Targeting 1-5% of security-conscious developers in:

Enterprise companies (AWS, Google, Microsoft dev teams)
Startups & open-source developers
Freelancers & DevSecOps teams

Estimated SOM = 100K - 500K early adopters × $50-$200/year = $5M - $100M annually

Business Model

Freemium Model: Free for individual developers, premium features for enterprises.
Enterprise Licensing: Self-hostable version for companies (e.g. run on Citrix).

Traction

Prototype ready: Initial browser extension ready for use and CLI tool in development.
Interest from DevSecOps teams in fintech and enterprise security.

Team

Neiloy Chaudhuri (Frontend, PM) - Management Engineer @ UWaterloo | SWE Intern @ Tata Consultancy Services
Gunjiilkham Altanzaya (Full-stack, AI Research) - CS @ Drexel | Data Structures and Algorithms Teaching Assistant @ Drexel
Zayan Khan (Frontend, PM) - CS @ University of Western Ontario
Christopher Khaing (Backend, AI Research) - CS @ College of Marin

Vision

“Build the first proactive security tool that protects developers from phishing, typosquatting, and malicious code before they use it."

Built With 🛠️ Frontend Chrome Extension HTML5 CSS3 Vanilla JavaScript Chrome Extension Manifest V3 Chrome APIs (tabs, scripting, storage)

Backend Core Framework FastAPI (Python 3.11+) Uvicorn (ASGI server) Pydantic (Data validation)

Security Analysis Tools Custom Scanners API Scanner (URL & endpoint analysis) Package Scanner (dependency verification) Code Scanner (pattern detection) Keyword Scanner (suspicious content detection)

Development Tools Environment & Package Management Python venv pip (Python package manager) dotenv (environment variables)

APIs & Services Internal APIs /api/v1/scan/api - API security scanning /api/v1/check-package - Package verification /api/v1/scan-code - Code analysis /api/v1/scan-webpage - Webpage scanning

Security Features Analysis Capabilities SSL/HTTPS verification Domain analysis Typosquatting detection Risk assessment Trust score calculation

Built With

aiohttp
chrome-extension-manivest-v3
css3
dotenv
fastapi
git
html5
javascript
llama-3.2b-instruct
node.js
pip
pydantic
python-venv
uvicorn

Submitted to

HackNYU 2025

Created by

I implemented a backend tool that fetches relevant forum posts about a specific topic from Stack Overflow and Reddit, cleans up the data by removing HTML tags, and formats the content in a readable and structured way fed into a LLaMa 3.2B Instruct model for quick-read insights.

Christopher Khaing
My dream is to get a PhD one day and contribute to the fight against inequality.
Worked mainly with Zayan to direct product vision and management. Set up chrome extension software structure and frontend design. Led product pitch and business model.

Neiloy Chaudhuri
I architected and implemented the core backend security infrastructure using FastAPI and Python, building a comprehensive API scanning system with custom security validators. The core tech stack leverages FastAPI for the framework, Pydantic for robust data validation, aiohttp for asynchronous request handling, and specialized Python modules for deep security analysis. I engineered the domain verification system, trust score calculator, and risk assessment engine from scratch. Additionally, I handled the frontend integration by connecting the Chrome extension to the backend API using JavaScript and Chrome Extension APIs, enabling seamless real-time security scanning and result processing.

Gunjiilkham Altanzaya
Collaborated closely with Neiloy to shape product vision and strategy. Designed the Chrome extension’s software structure and frontend. Led the product pitch and developed the business model.

ZayanKhan-12 Khan