With the spread of generative AI in recent years, attacks known as Whaling have become a serious threat. Whaling is a form of social engineering that targets important high-authority individuals within organizations and uses sophisticated fraudulent emails. In the context of Japanese universities, faculty members frequently hold positions that combine research leadership with authority within institutional workflows. This structural characteristic leads to the wide public disclosure of high-value information such as publications, grants, and detailed researcher profiles. Such extensive information exposure enables the construction of highly precise target profiles using generative AI. This raises concerns that Whaling attacks based on high-precision profiling by generative AI will become prevalent. In this study, we propose a Whaling countermeasure framework for university faculty members that constructs personalized defense profiles and uses large language model (LLM)-based agents. We design agents that (i) build vulnerability profiles for each target from publicly available information on faculty members, (ii) identify potential risk scenarios relevant to Whaling defense based on those profiles, (iii) construct defense profiles corresponding to the vulnerabilities and anticipated risks, and (iv) analyze Whaling emails using the defense profiles. Furthermore, we conduct a preliminary risk-assessment experiment. The results indicate that the proposed method can produce judgments accompanied by explanations of response policies that are consistent with the work context of faculty members who are Whaling targets. The findings also highlight practical challenges and considerations for future operational deployment and systematic evaluation.

翻译：随着近年来生成式人工智能的普及，被称为"鲸钓攻击"的社会工程学攻击已成为严重威胁。鲸钓攻击是一种针对组织内具有重要职权的高层人士、使用高度伪造电子邮件的社会工程学手段。在日本大学环境中，教职人员通常兼具研究领导职责与机构工作流程中的审批权限。这种结构性特征导致高价值信息（如学术论文、科研经费、详细研究者档案）被广泛公开披露。如此大规模的信息暴露使得攻击者能够利用生成式AI构建高度精确的目标画像。这引发了基于生成式AI高精度画像的鲸钓攻击可能广泛蔓延的担忧。本研究提出面向大学教职人员的鲸钓攻击防范框架，该框架通过构建个性化防御画像并运用基于大语言模型（LLM）的智能体实现防护。我们设计了具备以下功能的智能体：（i）从教职人员公开信息中构建个体脆弱性画像；（ii）基于该画像识别与鲸钓防御相关的潜在风险场景；（iii）针对脆弱性与预期风险构建相应防御画像；（iv）运用防御画像分析鲸钓攻击邮件。此外，我们开展了初步风险评估实验。结果表明，所提方法能够生成符合鲸钓目标教职人员工作情境的响应策略解释与判断。研究结果同时揭示了未来实际部署与系统化评估中需应对的现实挑战与考量因素。