Interview with Team ALVAR, First-Prize Winners of the COcyber AI Cybersecurity Deephack

Fri, 05/30/2025 - 19:22

From April 24 to 26, 2025, COcyber AI Cybersecurity Deephack brought together a diverse group of participants - from PhD students and young professionals to startup founders and cyber enthusiasts - for an intense 48-hour challenge focused on one critical question: can artificial intelligence stop the next big phishing attack?

With dual-use applicability at the core of the challenge, teams had to consider the needs of both civilian and defence sectors, addressing issues like multilingual threats, adversarial techniques, and infrastructure limitations.

From natural language processing to anomaly detection and threat intelligence, participants had to think fast, collaborate efficiently, and push the boundaries of what’s currently possible in AI-driven cybersecurity. Working under pressure through checkpoints, mentoring sessions, and live pitching, they built prototypes that could function across languages, contexts, and threat levels. But behind the tech, the real engine of the Deephack was collaboration.

We sat down with the winning teams to hear how they approached this complex task and where they plan to go next. In this article, we introduce you to Team ALVAR, the first-prize winner of the COcyber AI Cybersecurity Deephack.

Can you introduce your team? Who are you, what are your backgrounds, and what brought you together to take part in this Deephack?

We are Team ALVAR, a group of three cybersecurity enthusiasts that came together actually quite unexpectedly! Our project lead, Fahad Sohrab, is a postdoctoral researcher who has his background in anomaly detection and multimodal machine learning. The second member, Heidi Sohrab, is the creative force of the team with a strong business background. Our final member is Viktor Växby, a young genius (Heidi’s words) ethical hacker, specializing in identifying vulnerabilities before attackers do. 

We, Fahad and Heidi, joined as a team of two, and then were introduced to Viktor only a day before the Hackathon! We saw that our skillsets matched perfectly to build a strong team and were able to find common ground very quickly. We all came together for Deephack to make use of our expertise in creating a stronger, safer Europe for everyone.

Phishing attacks are evolving and growing more sophisticated. What approach did you use to build an AI-driven system that can detect and prevent phishing in real-time? How did you design an AI-driven solution, what technologies or methods did you use (e.g. NLP, anomaly detection, threat intelligence)?       

We developed an AI-driven system based on Multimodal Subspace Support Vector Data Description. We trained our system to learn from the “non-attack” samples across multiple data modalities, such as textual content, system commands and metadata. Because we didn’t train the AI model to detect only certain attacks, we are able to flag evolving and even advanced AI-powered threats, making our model incredibly robust and scalable. The model works even if some data modalities are missing or incomplete. Not needing massive datasets or retraining also makes the model more environmentally friendly.

How did you ensure your solution could be applied in both civilian and defence contexts? Dual-use was a key aspect of this deephack. What design choices helped you meet that goal?

We designed our solution to be modular and scalable, capable of processing any sensor data, ensuring effectiveness across both civilian and defense domains. Leveraging Multimodal Subspace Support Vector Data Description (MSSVDD), our system can adapt to diverse applications, enabling seamless protection of critical infrastructure and defense assets alike. Key features such as plug-and-play modules, flexible deployment options (cloud, edge and on-premises) and real-time anomaly verification provide strong resilience against evolving threats.

We want to say a big Thank You to our mentors during the Deephack for their invaluable guidance and support! They really helped us in finding use cases for dual use applications.

In your opinion, how can AI strengthen cybersecurity resilience in the years to come across both public and defence sectors? We’d love to hear your broader reflections based on what you learned through this challenge.

Based on our experience in this challenge, we believe AI’s ability to analyze vast, multimodal data in real-time will be key to detecting subtle, emerging threats that traditional systems often miss. AI-driven anomaly detection models, like our MSSVDD, can enable faster and more adaptive responses to threats. Furthermore, AI can enable proactive threat hunting and automated incident response, reducing human workload and response times.

The modularity and scalability of AI can allow it to be tailored to diverse environments, from public health infrastructures to critical defense systems, while ensuring compliance with evolving regulations. Building resilient, self-learning and explainable AI systems will be essential in the future. This Deephack also reinforced how collaboration between multidisciplinary experts is vital in creating robust systems for the future.

What’s next for your project? Do you plan to further develop your solution or bring it closer to market or real-world deployment?

Next we will participate in GITEX Europe, thanks to COcyber, where we hope to find partners to advance our solution! We aim to collaborate with industry and defense partners to pilot deployments in real-world environments, focusing on critical infrastructure and autonomous systems like drones and healthcare devices. After initial steps we will be actively seeking funding to support further development, large-scale testing and market entry. Our goal is to establish our solution as the go-to platform of choice for cybersecurity – wish us good luck!