Get Started

Install the extension and try a live demo scan

Live Demo — Scan any email content

No account required. Results are powered by the same ML + AI pipeline used in production.

Installation Guide

Choose your email client

ThreatWatch AI for Gmail Chrome Extension · Manifest V3 · Gmail only
1. Download the extension

Click Download ZIP above, then extract the archive. The chrome-extension/ folder is the extension directory you need.

2. Open Chrome Extensions

In Chrome, navigate to chrome://extensions or open the menu → More tools → Extensions.

3. Enable Developer Mode

Toggle Developer mode in the top-right corner of the Extensions page. This is required to load unpacked extensions.

Developer mode does not affect other installed extensions and can be toggled back off after installation.
4. Load Unpacked

Click Load unpacked and select the chrome-extension/ folder you extracted in Step 1. The ThreatWatch AI for Gmail card should appear.

5. Configure the API endpoint

Click the extension card → Details → Extension options. The API URL should already point to https://threatwatch-ai.nusabyte.cloud. Change it only if you are self-hosting.

Set Scan mode to AI for the full 4-agent pipeline, or Standard for fast rule-based-only analysis.

6. Open Gmail and scan

Go to mail.google.com, open any email, and click the ThreatWatch AI button that appears above the message body. A verdict badge will be overlaid on the email.

The extension only activates on Gmail. It does not read emails you do not explicitly scan.

No native Outlook extension yet. ThreatWatch AI is currently Gmail-first. The options below let you scan emails from Outlook Web (OWA) and Outlook Desktop via the dashboard or a bookmarklet.

Option A — Dashboard paste

Easiest
1. Copy email text

In Outlook (web or desktop), open the suspicious email and select all text — Ctrl+A then Ctrl+C.

2. Go to the Scan page

Open the ThreatWatch AI dashboard → Scan tab.

3. Paste & scan

Paste the copied text into the email body field and click Scan. Results appear within seconds.

Option B — Bookmarklet

OWA only
1. Add the bookmarklet

Drag the button below to your bookmarks bar:

Right-click → Bookmark this link if drag doesn't work in your browser.
2. Open OWA and click the bookmarklet

Go to Outlook Web, open an email, then click TW: Scan Email in your bookmarks bar.

3. Review the result

A popup will open showing the ThreatWatch AI verdict. Results are also saved to your scan history on the dashboard.

The bookmarklet cannot run on pages that block injected scripts (CSP). In that case use Option A.
Outlook Desktop (Win/Mac)
Copy the full email text and paste it into the dashboard Scan tab. Alternatively, forward the email to yourself and open it in OWA to use the bookmarklet.

No Thunderbird add-on yet. Thunderbird uses its own add-on system (WebExtensions). Until a native add-on ships, use the dashboard-paste workflow or the View Source method below.

Option A — Copy & Paste

Simplest
1. Open the email in Thunderbird

Select the suspicious email in your inbox.

2. Copy all content

Press Ctrl+A (select all) then Ctrl+C to copy the visible email body. To scan a subject line, copy just the subject from the header area.

3. Paste into the demo scanner above

Scroll up to the Live Demo widget, paste your text and click Scan Now — no login required.

Option B — View Source scan

Headers + URLs
1. Open raw source

With an email open in Thunderbird, press Ctrl+U (or View → Message Source). This shows the full email including headers and all URLs.

2. Copy suspicious URLs or headers

Look for From:, Reply-To:, and any http links. Copy those lines.

3. Scan via API or dashboard

Paste into the dashboard → Scan or use the demo widget above. The scanner is optimised for detecting suspicious links and spoofed senders.

Pasting raw headers gives the AI more signals (e.g. spoofed Reply-To, unusual sending domains).
Roadmap
A native Thunderbird WebExtension is planned. It will integrate directly into the Thunderbird message pane using the same API as the Chrome extension. Star the GitHub repo to get notified when it ships.
Developers

Direct API access

API Docs

Authenticate with your API key and POST any email content for a machine-readable verdict.

curl -X POST https://threatwatch-ai.nusabyte.cloud/api/v1/scan \
  -H "X-API-Key: <your-key>" \
  -H "Content-Type: application/json" \
  -d '{
    "subject": "Urgent: verify your account",
    "body": "Click here to avoid suspension...",
    "mode": "ai"
  }'
Response shape
{
  "verdict": "scam",
  "score": 0.94,
  "confidence": "high",
  "flags": ["urgent_language", "suspicious_link"],
  "explanation": "...",
  "scan_mode": "ai"
}
Scan modes
standard — ML ensemble + rule engine, <100 ms
ai — full 4-agent LLM pipeline, ~3-15 s
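
Added example (not ThreatWatch AI's own code): a Python sketch that automates the View Source workflow above by parsing message source, pulling out From, Reply-To and any http links, and building the POST request for the /api/v1/scan endpoint without sending it. Prepending the From and Reply-To lines to the body field is this example's assumption, since the request shape shown here has only subject, body and mode; the sample message is constructed.

```python
import json
import re
import urllib.request
from email import message_from_string, policy
from email.utils import parseaddr

API_URL = "https://threatwatch-ai.nusabyte.cloud/api/v1/scan"  # endpoint shown on this page
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample message source; all addresses and hosts are placeholders.
SAMPLE_RAW = (
    'From: "Support Team" <support@bank.example>\n'
    "Reply-To: recovery@mailer.invalid\n"
    "Subject: Urgent: verify your account\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Click here to avoid suspension: http://bank.example.login.invalid/reset\n"
)


def extract_signals(raw):
    """Parse message source and pull out From, Reply-To, subject, body and links."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    return {
        "from": sender,
        "reply_to": reply_to,
        # True when replies would go to a different domain than the visible sender.
        "reply_to_mismatch": bool(reply_to)
        and reply_to.rpartition("@")[2] != sender.rpartition("@")[2],
        "subject": str(msg.get("Subject", "")),
        "body": body,
        "urls": URL_RE.findall(body),
    }


def build_scan_request(raw, api_key, mode="ai"):
    """Build (not send) the POST; header lines are prepended to body (assumption)."""
    if mode not in ("standard", "ai"):
        raise ValueError("mode must be 'standard' or 'ai'")
    s = extract_signals(raw)
    headers_text = f"From: {s['from']}\nReply-To: {s['reply_to']}\n\n"
    payload = {"subject": s["subject"], "body": headers_text + s["body"], "mode": mode}
    return urllib.request.Request(
        API_URL,
        data=json.dumps(payload).encode("utf-8"),
        headers={"X-API-Key": api_key, "Content-Type": "application/json"},
        method="POST",
    )
```

Pass the returned request to urllib.request.urlopen to submit it; the reply_to_mismatch flag is a local pre-check and is independent of the service's verdict.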