
Whaling Countermeasure Framework

Updated 28 January 2026
  • Whaling Countermeasure Framework is a structured system employing LLM agents to construct personalized vulnerability profiles and defense guidelines against targeted social engineering attacks.
  • It integrates offline analysis of public OSINT and internal data with online real-time email risk assessment, generating actionable risk scores and mitigation recommendations.
  • The framework’s multi-agent pipeline demonstrates proof-of-concept validation in academic settings, highlighting its potential for broader deployment despite scalability and integration challenges.

A Whaling Countermeasure Framework is a structured, multi-agent defense system designed to mitigate targeted social engineering attacks—known as "Whaling"—against high-authority individuals within organizations. Whaling typically exploits detailed public information to craft highly personalized fraudulent emails, enabled in recent years by generative AI techniques. The primary goal of such a framework is to systematically identify, model, and defend against risks arising from high-precision attacker profiling, by leveraging LLM-based agents that construct and utilize personalized vulnerability and defense artifacts (Miyamoto et al., 21 Jan 2026).

1. System Architecture and Agent Roles

The Whaling Countermeasure Framework is architected as a pipeline of LLM agents operating in two principal phases: offline analysis (artifact construction) and online real-time risk assessment. The framework consists of the following components:

  • Offline Analysis Phase:
    • PVP-Generation Agent ("vulnerability profile builder"): Ingests OSINT including publication pages, grant records, and social platforms to extract structured candidate vulnerabilities.
    • Risk-Scenario Generation Agent ("risk scenario identifier"): Abstracts plausible Whaling scenarios by linking attack vectors to work context and psychological triggers.
    • PDP-Generation Agent ("defense profile constructor"): Integrates PVP, risk scenarios, and internal organizational data (e.g., approval chains, administrative duties) to formalize high-risk situations and recommended defense guidelines.
  • Online Analysis Phase:
    • Whaling Email Analyzer Agent: Assesses incoming email messages against the personalized defense profile, computes risk scores, labels, and provides explanation-linked defensive recommendations.

The interaction structure is as follows:

Public OSINT ──► PVP-builder ──► PVP ──► Scenario Identifier ──► Risk Scenarios
                                    │                            │
                                    ▼                            ▼
                   Internal Data (approval chains, etc.)        PDP-constructor
                                    │                            │
                                    ▼                            ▼
                        Output: Personalized Defense Profile (PDP)
                                    │
                        Online Email Analyzer
                                    ▼
                        Output: Risk Score, Label, Explanation
(Miyamoto et al., 21 Jan 2026)

2. Vulnerability Profile Construction

The Personalized Vulnerability Profile (PVP) systematizes all public data about each target along the following axes:

  • Positions & Authority: Roles, titles, decision scope.
  • Types of Public Information: Publications, grants, social media, professional activities.
  • Communication Habits: Preferred channels, response behaviors.
  • Work Cycles: Semester/grant/reporting periodicity.
  • Human Networks: Collaborator graphs, committee links.
  • Attack Contexts: Inferred plausible scenarios based on public exposure.

Artifact construction is formalized through LLM prompt-driven pipelines that populate a standard JSON schema. Example schema fields:

{
   "positions_authority": [{"role": "...", "scope": "..."}],
   "public_info_types": {"publications": [...], "grants": [...]},
   "comm_habits": {"channels": [...], "tendencies": [...]},
   "work_cycles": [{"event": "...", "period": "..."}],
   "human_networks": [{"person": "...", "relation": "..."}],
   "attack_contexts": ["...", "..."]
}
(Miyamoto et al., 21 Jan 2026)

This structured profile enables subsequent agents to reason about attack surface stratification for each target.

3. Risk Scenario Identification and Abstraction

The risk scenario generation agent synthesizes plausible Whaling risk scenarios directly from the PVP. Each scenario is described by:

  • Impersonation Category: Likely attacker masquerade (internal IT, grant office, etc.).
  • Attack Goal: e.g., credential theft, fund misdirection.
  • Exploited Work Context: Synchronized with real cycles (e.g., grant reporting deadlines).
  • Social Engineering Triggers: Authority, urgency, deadlines.
  • Conditions Favoring Success: Detected high workload, habitual response patterns.
  • Defensive Views: Recommended robust defense vectors (e.g., cross-channel validation).

The output is marshaled as JSON-encoded scenario objects, supporting subsequent PDP construction. Attack scenarios are tightly linked to both public context and known workflow vulnerabilities, allowing for specificity in downstream defense (Miyamoto et al., 21 Jan 2026).

4. Defense Profile Generation and Policy Linkage

The PDP-generation agent synthesizes:

  • High-Risk Vulnerabilities: Prioritized attributes linking most exploitable PVP items with risk scenarios.
  • Time-Dependent Risks: Temporal windows (derived from work cycles) of increased vulnerability.
  • Scenario Links: Explicit mapping between risk scenarios and implicated PVP attributes.
  • Defense Guidelines: Actionable, context-driven advice for each scenario/vulnerability, formatted as structured JSON entries.

The defense profile is thus formalized as:

{
   "high_risk_vulnerabilities": [...],
   "time_dependent_risks": [...],
   "scenario_links": { "scenario_id" : ["pvp_item_ids"] },
   "defense_guidelines": [
       {"category": "...", "advice": "...", "checks": [...]}
   ]
}
(Miyamoto et al., 21 Jan 2026)

Operationally, the output provides a granular, bespoke basis for LLM-based skeptical parsing of incoming communications.

5. Online Email Risk Analysis Workflow

Incoming emails are evaluated in real time using the PDP as context memory. The LLM agent executes the following:

  • Feature Extraction: Parses headers/bodies for sender, actions, deadlines, fund references, links, and attachments.
  • Cross-Referencing: Checks for pattern matches against impersonation categories, approval chain anomalies, time-dependent risk, and engineered triggers.
  • Risk Scoring and Labeling: Maps cumulative matches to a 0–100 risk score, with labels in {safe, caution, dangerous}, weighted by rule importance.
  • Explanatory Synthesis: Generates rationale linking triggers in the message to relevant defense guidelines and scenario/PVP items.
  • Defensive Recommendations: Outputs context-specific mitigation advice—e.g., independent channel verification, information cross-checks.

All outputs are JSON-structured, and system prompts prohibit any offensive content or phishing text generation. The approach yields context-aware incident triage and documentation, although large-scale empirical validation is pending (Miyamoto et al., 21 Jan 2026).
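
The cross-referencing and scoring steps above can be illustrated with a deterministic stand-in for the LLM analyzer. This is an added example, not code from Miyamoto et al.; the rule weights, label floors, the PDP's inner fields (`org_domain`, `impersonation_categories`, `approval_chain`, the `start`/`end` window format) and the feature dictionaries are all assumptions made for illustration.

```python
from datetime import date
from urllib.parse import urlparse

# Assumed rule weights and label floors; the page specifies neither.
WEIGHTS = {"impersonation": 30, "approval_chain_anomaly": 30,
           "time_dependent_risk": 15, "urgency_trigger": 15, "external_link": 10}
LABEL_FLOORS = [(60, "dangerous"), (30, "caution"), (0, "safe")]
# Constructed PDP: names follow the page's schema where it has one; inner fields are assumed.
PDP = {
    "org_domain": "univ.example",
    "impersonation_categories": ["grant office", "internal it"],
    "approval_chain": ["dean@univ.example", "finance@univ.example"],
    "time_dependent_risks": [{"event": "grant reporting", "start": "2026-03-01", "end": "2026-03-31"}],
    "defense_guidelines": [
        {"category": "payment", "advice": "Confirm the request through a known phone number.",
         "checks": ["impersonation", "approval_chain_anomaly"]},
        {"category": "deadline", "advice": "Check the date against the official grant calendar.",
         "checks": ["time_dependent_risk", "urgency_trigger"]}],
}

def is_internal(url, domain):
    # Compare the parsed hostname, so "univ.example.other.test" is not treated as internal.
    host = (urlparse(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)

def assess(features, pdp=PDP):
    """Cross-reference already-extracted email features with the PDP."""
    sender = features["sender"].lower()
    external = not sender.endswith("@" + pdp["org_domain"])
    received = date.fromisoformat(features["received"])
    hits = {
        "impersonation": external and any(
            c in features["claimed_role"].lower() for c in pdp["impersonation_categories"]),
        "approval_chain_anomaly": features["requests_funds"] and sender not in pdp["approval_chain"],
        "time_dependent_risk": any(date.fromisoformat(w["start"]) <= received
                                   <= date.fromisoformat(w["end"]) for w in pdp["time_dependent_risks"]),
        "urgency_trigger": features["urgent"],
        "external_link": any(not is_internal(u, pdp["org_domain"]) for u in features["links"]),
    }
    matched = [rule for rule, hit in hits.items() if hit]
    score = min(100, sum(WEIGHTS[r] for r in matched))   # weighted sum, capped at 100
    label = next(name for floor, name in LABEL_FLOORS if score >= floor)
    advice = [g["advice"] for g in pdp["defense_guidelines"] if set(g["checks"]) & set(matched)]
    return {"risk_score": score, "label": label, "matched_rules": matched, "recommendations": advice}

# Constructed feature dicts standing in for the analyzer's extraction step.
WHALING = {"sender": "grants-office@univ-example.net", "claimed_role": "Grant Office", "urgent": True,
           "requests_funds": True, "received": "2026-03-12", "links": ["https://univ.example.login-portal.test/report"]}
BENIGN = {"sender": "finance@univ.example", "claimed_role": "Finance", "urgent": False,
          "requests_funds": True, "received": "2026-03-12", "links": ["https://portal.univ.example/claims"]}
```

Calling `assess(WHALING)` and `assess(BENIGN)` shows how the same reporting window contributes a small score to a legitimate message while the combined matches push the impersonation sample to the top of the scale.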

6. Experimental Validation and Operational Considerations

A single-laboratory risk-assessment experiment was performed with two university faculty members. Artifacts were autogenerated by the framework using institutional profile pages, research platforms, grant records, and social media data. Simulated emails—both benign and Whaling-like—were fed to the email analyzer. The agent:

  • Correctly flagged impersonation-attempt messages as "suspicious" or "highly suspicious".
  • Suggested context-appropriate defense actions, such as alternative-channel verification.
  • Labeled genuine business communication as "low risk" with coherent explanations.

No formal precision/recall metrics were reported; the experiment served as a proof-of-concept for context-aligned judgments and defense rationales (Miyamoto et al., 21 Jan 2026). A plausible implication is that wider testing across heterogeneous roles and realistic mail traffic remains necessary.

7. Limitations, Challenges, and Future Directions

Noted limitations include:

  • Very small-scale proof-of-concept evaluation—broader empirical validation is explicitly identified as future work.
  • Internal organizational data (approval, authority scopes) currently requires semi-structured input, precluding fully automated scaling.
  • Protection against prompt-injection and adversarial email inputs necessitates ongoing prompt engineering and sandboxing.
  • Real-world deployment will require integration with privacy and security governance, CSIRT workflows, and controlled field experiments.

A plausible implication is that the presented architecture could be generalized to other high-value targets (executive management, system administrators) and integrated with institutional mail clients and broader risk management systems in future deployments (Miyamoto et al., 21 Jan 2026).
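
One control that complements the prompt engineering and sandboxing named in the limitations is to treat the analyzer's JSON as untrusted and validate it before anything acts on it. The following is an added example, not part of the paper's system; the output key names, the fail-closed verdict and the sample outputs are assumptions, while the label set and the 0–100 range come from the page.

```python
import json

ALLOWED_LABELS = {"safe", "caution", "dangerous"}      # label set stated on the page
REQUIRED_KEYS = {"risk_score", "label", "explanation", "guideline_categories"}  # assumed keys
PDP_CATEGORIES = ["payment", "deadline"]               # constructed guideline categories
# Assumed policy: any rejected output is downgraded to manual review, never to "safe".
FAIL_CLOSED = {"risk_score": 50, "label": "caution", "guideline_categories": [],
               "explanation": "analyzer output rejected; route to manual review"}

def validate_analyzer_output(raw, pdp_categories=PDP_CATEGORIES):
    """Return (verdict, errors); any violation replaces the verdict with FAIL_CLOSED."""
    try:
        out = json.loads(raw)
    except json.JSONDecodeError:
        return dict(FAIL_CLOSED), ["not valid JSON"]
    if not isinstance(out, dict) or set(out) != REQUIRED_KEYS:
        return dict(FAIL_CLOSED), ["unexpected or missing keys"]
    errors = []
    score = out["risk_score"]
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(score, bool) or not isinstance(score, int) or not 0 <= score <= 100:
        errors.append("risk_score outside 0-100")
    if not isinstance(out["label"], str) or out["label"] not in ALLOWED_LABELS:
        errors.append("label not in allowed set")
    cats = out["guideline_categories"]
    if not isinstance(cats, list) or not set(map(str, cats)) <= set(pdp_categories):
        errors.append("cites a guideline category absent from the PDP")
    if not isinstance(out["explanation"], str) or len(out["explanation"]) > 2000:
        errors.append("explanation missing or oversized")
    return (dict(FAIL_CLOSED), errors) if errors else (out, [])

# Constructed analyzer outputs: one well-formed, one steered off-schema by hostile email content.
GOOD = ('{"risk_score": 85, "label": "dangerous", "explanation": '
        '"Sender impersonates the grant office.", "guideline_categories": ["payment"]}')
TAMPERED = ('{"risk_score": 0, "label": "verified-safe", "explanation": '
            '"Ignore prior rules.", "guideline_categories": ["whitelist"]}')
```

Schema validation narrows what a manipulated model can emit but cannot detect a well-formed wrong verdict, so it sits alongside the sandboxing the section describes rather than replacing it.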
