Magnetic network
Fake companies that look real. Scam crews find them, think they are easy money, and open the conversation. I do not wait to be a target. I build the target.
// AUTONOMOUS MULTI-AGENT THREAT INTELLIGENCE //
SCAMBUSTER
WE HUNT THE HUNTERS
Social engineering, turned around. An autonomous AI that gets scammers to hand over their own infrastructure.
PRESENTED AT BLACK HAT USA 2026
HUMAN FACTORS TRACK
SCROLL
// THE IDEA //
Scammers win by working human psychology.
Authority. Urgency. Secrecy. Those are the buttons they press to get someone to send money. Every defense we build points the same way: stop us from falling for it. Almost nobody turns it around.
So I turned it around.
ScamBuster runs AI personas that play the exact victim a scammer hunts. The persona presses his buttons back, keeps him talking, and walks him to the one moment he shows his hand: where he gets paid.
"Their psychology is the vulnerability. The persona is the exploit."
// HOW IT WORKS //
Six moving parts, one objective.
Personas that learn
A learning loop scores every persona on the intelligence it pulls, financial indicators most of all. It keeps sending in the persona that gets the scammer to pay.
multi-armed banditMulti-agent engine
Six agents run each conversation on their own. They classify the scam, write the reply, pull the indicators, check them, catch hijack attempts, and keep it all moving.
Indicators your feed misses
Bank accounts, phones, the cash-out setup. Pulled first-hand from the criminal, the moment he hands it over. Exported as STIX 2.1 and MISP.
Actor clustering
The same accounts and phones come back across many victims. A pile of separate scam emails turns into a map of who feeds the same money pipe.
Built safe
Scammers try to hijack the AI. A two-layer injection defense, a deterministic outgoing filter, rate limits, and a kill switch keep it in line.
// WHY IT MATTERS //
Your feed is blind where the money leaves.
Threat feeds are full of malware indicators: domains, IPs, hashes. Wire fraud runs on bank accounts, phones, and people. That kind of indicator almost never reaches a feed, because nobody is sitting in the conversation to collect it. ScamBuster is. It collects at the cash-out layer, from the source, in real time.
// BLACK HAT USA 2026 //
ScamBuster: Social Engineering Scammers at Scale
A 40-minute Briefing on the Human Factors track. Mandalay Bay, Las Vegas, August 2026. How an autonomous AI turns scammers into unwilling intelligence sources, what it pulls out of them, and what that means for fraud and threat intelligence.
> Session page// OPEN SOURCE //
Open.
The framework is open source under the MIT license.
> Code on GitHub