An open source, AI-driven system adopts victim personas to engage with phishing attackers, allowing organizations and law enforcement to gather relevant data on cybercriminal operations.

July 10, 2026

Everyone who uses email has at some point been sent a malicious phishing email attempting to scam them out of money. Some have even engaged with an attacker unwittingly, perhaps falling prey to social-engineering tactics.

What happens to most of these malicious emails is that they get deleted, either by users or by security software designed to recognize and eliminate the threat. But what would happen if organizations could turn the tables and scam the scammers at scale, using artificial intelligence (AI) to masquerade as a victim? That's exactly what Laurent Giovannoni, principal software engineer with Filigran, envisions doing with a software solution he calls ScamBuster.

Inspired by stories of friends who had been scammed by phishing attacks, Giovannoni created ScamBuster as part of his thesis while studying at the French engineering university École Polytechnique. He plans to formally unveil the ScamBuster system, which has been in production since November 2025, at Black Hat USA 2026 in Las Vegas in August.