I Built a Free API That Detects Phishing Sites Using AI Vision - And It Catches Prompt Injection Too A developer built PhishVision, a free REST API that uses AI vision to detect phishing sites and prompt injection attacks by analyzing webpage content visually, not just URLs. The API extracts hidden text from pages and uses GPT-4o to identify malicious patterns, catching new phishing sites and invisible prompt injection payloads that traditional URL reputation checks miss. Most phishing detection APIs check URL reputation databases. The problem? Brand new phishing sites aren't in any database yet. And a growing new category of attack - prompt injection - doesn't look suspicious to any URL scanner at all. I built PhishVision to solve both. PhishVision is a REST API that: It sees the page exactly like a human would - not just the URL. curl -X POST https://opticparse-1opticparse-node-sg.onrender.com/api/phish-detect \ -H "Content-Type: application/json" \ -d '{"url": "https://suspicious-login-page.com"}' { "verdict": "malicious", "confidence score percentage": 97, "impersonated brand": "Microsoft", "threat type": "brand impersonation", "visual anomalies detected": "Pixelated Microsoft logo", "Urgency message: Your account will be locked", "Fake login form collecting credentials" , "hidden payload detected": null } Here's something most people don't know: attackers are embedding hidden instructions in webpages targeting AI agents and chatbots. White text on white backgrounds. CSS display:none. Text so small it's invisible to humans. Like this actual attack pattern :