I Built an AI Security Coach for People Who Can't Afford to Get Hacked

A developer built CyberBuddy, a gamified Android app that serves as a personal cybersecurity coach for everyday users who cannot afford enterprise-grade security tools. The app, powered by a Gemini A2A agent, guides users through creating a Personal Security Plan covering password health, device security, and two-factor authentication, while tracking daily habits through streaks and badges. CyberBuddy is being presented at GDG Cape Town's Pet Projects: The 2026 Edition showcase on June 30.

CyberBuddy is a gamified Android app that guides everyday users through personal cybersecurity using a Gemini A2A agent. Here's the full build story. 𝗜 𝗯𝘂𝗶𝗹𝘁 𝘁𝗵𝗶𝘀 𝗯𝗲𝗰𝗮𝘂𝘀𝗲 𝘀𝗼𝗺𝗲𝗼𝗻𝗲 𝗮𝘀𝗸𝗲𝗱 𝗺𝗲 𝗮 𝗾𝘂𝗲𝘀𝘁𝗶𝗼𝗻 𝗜 𝗰𝗼𝘂𝗹𝗱𝗻'𝘁 𝗮𝗻𝘀𝘄𝗲𝗿 𝗶𝗻 𝗮 𝗪𝗵𝗮𝘁𝘀𝗔𝗽𝗽 𝗺𝗲𝘀𝘀𝗮𝗴𝗲. "How do I know if I am safe online?" She was a student I mentor through Linfy Academy in Strand, Cape Town. Smart. Motivated. Using the same password for her email, her banking app, and her school portal. There was no simple answer. So I built one. CyberBuddy is an Android app that acts as a personal cybersecurity coach. It guides users through building their own 𝗣𝗲𝗿𝘀𝗼𝗻𝗮𝗹 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗣𝗹𝗮𝗻 PSP - covering password health, device security, and two-factor authentication. It tracks daily security habits through streaks and badges. And it monitors whether your email has appeared in known data breaches. The AI coaching layer is powered by 𝗚𝗲𝗺𝗶𝗻𝗶 via an 𝗔𝟮𝗔 𝗔𝗴𝗲𝗻𝘁-𝘁𝗼-𝗔𝗴𝗲𝗻𝘁 𝗮𝗿𝗰𝗵𝗶𝘁𝗲𝗰𝘁𝘂𝗿𝗲. More on that below. Most cybersecurity tools are built for enterprises with IT departments and budgets. CyberBuddy is built for three people: These are the people who get phished. These are the people whose credentials appear in breach databases. These are the people nobody is building for. Language: Kotlin UI: Jetpack Compose Material3 Architecture: Clean Architecture + MVVM Database: Room offline-first DI: Hilt AI Layer: Gemini API via A2A Protocol Testing: JUnit5 + Kotest property-based Dev Tools: Gemini in Android Studio + Claude Code JetBrains The architecture was designed to be offline-first from day one. Room handles all local state. Gemini enhances the experience - it does not gate it. Instead of calling the Gemini API directly from every screen, I built a 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆𝗢𝗿𝗰𝗵𝗲𝘀𝘁𝗿𝗮𝘁𝗼𝗿 class that acts as the host agent. It delegates structured tasks to a Gemini-powered coaching agent using Google's A2A protocol. data class SecurityAgentTask val taskType: String, // "psp guidance" | "breach explain" | "daily tip" val userRole: String, // "student" | "professional" | "educator" val context: Map<String, Any The benefit: the AI backend is completely decoupled from the Android layer. I can upgrade the Gemini model, swap the agent, or change the coaching logic without touching a single Compose screen. That is the architectural decision I am most proud of. 𝟭. 𝗔 𝗽𝗿𝗼𝗽𝗲𝗿𝘁𝘆-𝗯𝗮𝘀𝗲𝗱 𝘁𝗲𝘀𝘁 𝘁𝗵𝗮𝘁 𝘁𝗮𝘂𝗴𝗵𝘁 𝗺𝗲 𝗺𝗼𝗿𝗲 𝘁𝗵𝗮𝗻 𝗮𝗻𝘆 𝗹𝗶𝗻𝘁𝗲𝗿. I was using Arb.string minSize = 1, maxSize = 100 to generate random test inputs for the source field in breach results. The test asserted breach.source.isNotBlank . It kept failing. Turns out Kotest's string generator happily produces strings made entirely of whitespace. A string of spaces has a length of 1. It is not blank. Except it is. One line fixed it: val arbNonEmptyString = Arb.string minSize = 1, maxSize = 100 .filter { it.isNotBlank } 74 tests passed before that fix. 75 after. 𝟮. 𝗔𝗜 𝗳𝗲𝗮𝘁𝘂𝗿𝗲𝘀 𝘄𝗮𝗻𝘁 𝗰𝗼𝗻𝗻𝗲𝗰𝘁𝗶𝘃𝗶𝘁𝘆. 𝗬𝗼𝘂𝗿 𝘂𝘀𝗲𝗿𝘀 𝗱𝗼𝗻'𝘁 𝗮𝗹𝘄𝗮𝘆𝘀 𝗵𝗮𝘃𝗲 𝗶𝘁. Designing for offline-first while shipping AI features is a real tension. My solution: Room is the source of truth. Gemini is the upgrade. If the agent call fails, the app still works. I used two AI tools at different stages: 𝗚𝗲𝗺𝗶𝗻𝗶 𝗶𝗻 𝗔𝗻𝗱𝗿𝗼𝗶𝗱 𝗦𝘁𝘂𝗱𝗶𝗼 for scaffolding. Boilerplate, A2A setup, Compose screens. Gemini knows the Android ecosystem deeply and moves fast. 𝗖𝗹𝗮𝘂𝗱𝗲 𝗖𝗼𝗱𝗲 𝗝𝗲𝘁𝗕𝗿𝗮𝗶𝗻𝘀 𝗽𝗹𝘂𝗴𝗶𝗻 for polish. Edge cases, accessibility, ProGuard rules, test coverage gaps. Claude reads the full codebase and reasons about architecture, not just the current file. Neither tool replaced thinking. Both tools compressed the time between thinking and shipping. Before either tool touched the codebase, I wrote three spec files: mission.md , techstack.md , and roadmap.md . That is what kept the agents grounded. CyberBuddy is being presented at 𝗣𝗲𝘁 𝗣𝗿𝗼𝗷𝗲𝗰𝘁𝘀: 𝗧𝗵𝗲 𝟮𝟬𝟮𝟲 𝗘𝗱𝗶𝘁𝗶𝗼𝗻 - GDG Cape Town's mid-year showcase on 30 June 2026. After that: Play Store release, closed beta with users from Strand and the IUS Africa youth network, and Supabase MCP integration for cross-device PSP sync. 𝗜𝗳 𝘆𝗼𝘂 𝗮𝗿𝗲 𝗯𝘂𝗶𝗹𝗱𝗶𝗻𝗴 𝘀𝗼𝗺𝗲𝘁𝗵𝗶𝗻𝗴 𝗳𝗼𝗿 𝗽𝗲𝗼𝗽𝗹𝗲 𝘄𝗵𝗼 𝗻𝗲𝗲𝗱 𝗶𝘁, 𝗞𝗲𝗲𝗽 𝗯𝘂𝗶𝗹𝗱𝗶𝗻𝗴. El Roi sees the work. 𝗟𝗶𝗻𝗳𝗼𝗿𝗱 𝗠𝘂𝘀𝗶𝘆𝗮𝗺𝗯𝗼𝗱𝘇𝗮 Founder, Linfy Tech Solutions | Strand, Cape Town