We built a 270M local model to detect phishing URLs (charlemagnelabs.ai)

Charlemagne Labs has soft-launched Agent Charley: a locally running, 270M-parameter small language model (gemma3-270m) designed to detect phishing URLs in real time on end-user laptops. The team chose phishing because AI has amplified spearphishing effectiveness, and they argue lightweight on-device models are necessary for low-latency, privacy-preserving defenses. Agent Charley runs entirely locally, flags links with allow/warn/block labels and calibrated confidence scores, and the company reports roughly 90% precision and recall on their test set. Technically, the project showed two key lessons: raw prompting of URLs is brittle, but preprocessing pages into structured indicator features dramatically improves accuracy even for small models. The team fine-tuned gemma3-270m by adding a classification head and training a LoRA, abandoning chain-of-thought outputs in favor of direct classification (with concise reason strings). Performance is very fast — ~50–80 ms per link on M-series Macs and ~100–150 ms on older Intel machines — and produces calibrated confidences. Remaining work centers on UI, privacy-preserving feedback collection, background agent architecture, and enterprise auditability. The team is soliciting user feedback on false positives/negatives, latency, and usability as they iterate.