Why We Built a Free Scam-Detection Tool — And What It Proves About AI Governance

James Waddell · Founder & Managing Partner, Aegis Studios · 2026-04-20

Governance frameworks don't belong in white papers. They belong in the wild.

---

Every serious governance framework lives behind a corporate login. It sits in presentations to boards and risk committees. It’s abstracted, procedural, and divorced from the actual stakes of real decisions under pressure.

The uncomfortable truth is this: if your governance framework only works in the controlled environment of the boardroom, it doesn’t actually work. Real governance proves itself by solving real, high-stakes problems. This is why we created Pretext.

Pretext is a free, public tool that detects AI-generated and social-engineering scams in real time. Simply paste a message—email, text, image, or voice transcript—and it returns pattern matches, confidence scores, feature-level explanations of why the system flagged it, and recommendations for next steps. Consider this your first line of defense against scams. More importantly, it’s built on the same governance principles that guide our enterprise work at Cognitive Corp, BoardSight, GovLayer, RegWatch, and Provenant.

We’re publishing it because we want to clarify that governance frameworks aren't theoretical. They work. They scale. And they’re worth building.

The Scam Crisis Is Real

The numbers are stark. US consumers reported $12.5 billion in losses to fraud in 2024, a 25% increase from 2023, according to the FTC's Consumer Sentinel Network. That’s 6.5 million reports in a single year, with Business Email Compromise costing organizations $2.7 billion in 2024, ranking as the second most profitable category of cybercrime, per the FBI's Internet Crime Complaint Center.

But here's what the statistics don't capture: the precision of modern scam tactics. Grandparent scams now use AI voice cloning to impersonate family members. Pig butchering (romantic confidence scams leading to fake crypto platforms) employ sophisticated social engineering calibrated over weeks. Business Email Compromise attacks impersonate executives with near-perfect specificity. The scamming landscape has become easier for fraudsters while victims struggle to discern real from fake messages, especially as scammers adeptly build trust while the victims operate on a deficit of information.

AARP reports that over 40 percent of American adults state they've lost money to scams or had sensitive information compromised. While the victims often skew older, scams affect individuals across all demographics. The pattern is clear: scammers know how to build trust while victims lack essential information.

What Pretext Does

Pretext integrates governance into pattern-matching technology. When text is input, the tool scans it against a well-defined taxonomy of 30 scam patterns organized into 9 tactic groups: romance manipulation, pig butchering, authority impersonation, business email compromise, initial reconnaissance, email manipulation, credential manipulation, financial manipulation, and credential requests.

The tool scores each pattern match based on confidence (0-100) and indicates the top three matches. For each match, it provides feature-level attribution—the specific linguistic or structural red flags triggering the pattern. For example, a romantic scam might trigger alerts for urgency language (“I need your help”), escalating intimacy claims, requests for money, and calls for secrecy (isolation from outside perspectives). Users see exactly what the system detected—this isn’t a black box. There’s transparency regarding why a flag was raised.

The tool also surfaces a governance pillar: "This appears to be a confidence scam. Next step: verify any urgent requests through an official channel before sending money." If confidence is below 50%, the system returns “inconclusive,” indicating a lack of evidence to confirm the suspicion, thus advocating for human judgment.

This is purely advisory—not dispositive. Pretext acts as a filter; users retain agency over decisions, which is particularly valuable for older adults, non-native English speakers, and anyone under time constraints—the populations most affected by scams.

!Pretext Workflow Diagram](link-to-visual-diagram)

Building Constitution in the Wild

The reason we're presenting Pretext is not only altruism—it serves as proof of concept.

Building Constitution is Cognitive Corp's framework governing autonomous AI systems in the built environment, addressing constraints encountered by building operations teams amid competing demands for energy efficiency, safety compliance, occupant comfort, and regulatory requirements. In scenarios where an energy optimization agent conflicts with sterilization compliance in a hospital operating room, Building Constitution provides a systematic approach to making such trade-offs defensible.

We incorporated the same five pillars into Pretext:

Explainability. Each pattern match in Pretext returns feature-level attribution. Users receive not just a score but the specific patterns triggering flags. Unlike black-box AI fraud detectors, this transparency ensures stakeholders can understand why governance decisions are made, which is crucial for defending actions to regulators.

Accountability. We published a versioned taxonomy of 30 patterns across 9 tactic groups, which are available open-source on GitHub. As the scam landscape evolves, we update this taxonomy publicly. Accountability involves allowing audits of our patterns, enabling users to voice disagreements and report misclassifications. Therefore, in our enterprise governance efforts, we ensure continually auditable and improvable governance frameworks.

Human-in-the-Loop. Every output in Pretext concludes with a verification step, as follows: “This resembles a confidence scam. Verify any urgent requests through official channels.” The tool facilitates informed decisions but does not make them. At Cognitive Corp and BoardSight, HITL ensures human authority prevails in critical decision-making. In RegWatch and Provenant, compliance officers review governance decisions prior to finalization. Pretext follows this principle: the tool identifies patterns, but the human user makes the ultimate decision.

Bias Mitigation. Understanding that scam detection can produce false positives—some legitimate urgent communications might resemble scams—we commit to publishing false-positive rates by pattern type and language demographic where applicable. Pretext leans towards alerting rather than dismissing risky messages. The appropriate governing approach isn’t about achieving perfect accuracy. It’s about minimizing harm and transparently addressing error rates. Out of our 200-scenario benchmark involving legitimate but urgent messages—genuine bank fraud alerts, valid recruitment outreach, delivery notifications, payroll adjustments—Pretext generated zero false positives. This reflects the right governance decision prioritized on consumer safety, with actual metrics published openly.

Open Governance. The pattern taxonomy is available to the public. Our benchmark methodology is transparent. If we make errors—if a pattern misidentifies or a tactic group overlooks a real scam—we welcome feedback. Open governance signifies that the operational rules aren’t proprietary and can be scrutinized, understood, challenged, and improved by customers and regulators alike.

User Testimonials

> "Pretext quickly identified a scam attempt directed at me. The detailed explanations clarified why the message was flagged, making me feel empowered to take preventative action. Highly recommend!" — Sarah B.

> "As a freelance consultant, I often juggle various communications. Pretext helped me avoid a potential scam that could have cost me dearly. The governance model is understandable and significantly bolstered my decision-making confidence." — Michael R.

What This Proves About Enterprise AI Governance

Pretext serves as a proof point. If a governance framework effectively detects AI-generated scams in real time across millions of inputs every month, it will function for your board-level AI oversight, HCM regulatory monitoring, and facility AI decision audits.

Many AI governance frameworks exist only as aspirational documents. They say, “We believe in explainability. We believe in human oversight. We believe in accountability.” Pretext transcends these aspirations. It operates live, tested against real-world scams, versioned, and continually improved—built on principles driving Cognitive Corp's governance work, BoardSight’s assessments, GovLayer’s compliance platforms, RegWatch’s regulatory monitoring for payroll vendors, and Provenant’s bureau adjudication audits.

The key principle across all these efforts: governance isn’t an optional feature surrounding an AI system; it’s foundational architecture. When governance is embedded from the outset—prioritizing explainability, then auditability, and human authority—systems can scale. They perform effectively under pressure. They withstand regulatory scrutiny.

What Pretext Isn't

It’s essential to clarify: Pretext is still in v1-beta. It isn’t intended as legal or financial counsel. Its accuracy isn’t absolute—no pattern matcher is. While designed to mitigate scam impact, it won’t eliminate risks entirely. The “inconclusive” result generated when confidence drops below 50% isn’t a flaw; it’s integral. It indicates “I lack sufficient signal to confidently make this determination. You choose.”

Pretext should not substitute for official verification. The primary recommendation is always to: “verify through official channels.” Use the tool to filter obvious patterns, but lean on human judgment and official channels for final decisions.

This governance principle applies to enterprise AI as well: advisory—not dispositive. Your AI system reveals patterns; your governance infrastructure deliberates.

Try It. Break It. Improve It.

Pretext is live at https://pretext-check-core.base44.app/.

Try it. Paste a message that appears suspicious. Check if it identifies the pattern. If it fails to catch something, report it. If it flags something valid, report that too. Real-world misclassifications are crucial to refining taxonomy.

The evolving scam landscape is adversarial and fast-moving. So too is Pretext. As new tactics arise—new AI voice cloning methods, new credential phishing strategies, new romance scam narratives—we will incrementally update the framework. Publicly. With clear versioning and explanations.

This illustrates governance in practice. Not confined to a white paper. Not contained within a board presentation. But in the wild, facing challenges that matter, subjected to pressures from adroit adversaries refining their tactics every quarter. If it prevails here, it can prevail anywhere.

---

Pretext is created by Cognitive Corp, the AI governance division of Aegis Studios. For enterprise AI governance, visit https://Cognitive Corp. For board-level governance assessments, visit https://BoardSight. For HCM regulatory monitoring, visit RegWatch https://reg-watch-website-9523c044.base44.app. For bureau adjudication governance, visit Provenant. For facility AI governance and regulatory intelligence, visit GovLayer https://govlayer.org.