Phishing websites remain a major cybersecurity threat, exploiting deceptive structures, brand impersonation, and social engineering to evade detection. Recent advances in large language models (LLMs) have improved phishing detection through contextual understanding, yet most existing approaches rely on single-agent classification, which is prone to hallucination and often lacks interpretability and robustness. To address these limitations, we propose PhishDebate, a modular multi-agent LLM-based debate framework for phishing website detection. Four specialized agents independently analyze webpage aspects, including URL structure, HTML composition, semantic content, and brand impersonation, under the coordination of a Moderator and final Judge. Through structured debate and divergent reasoning, the framework achieves more accurate and interpretable decisions. By reducing uncertain predictions and providing transparent reasoning, PhishDebate functions as an analyst-augmentation system that lowers cognitive load and supports early, left-of-exploit detection of phishing threats. Evaluations on commercial LLMs show that PhishDebate achieves 98.2% recall on a real-world phishing dataset and outperforms single-agent and Chain-of-Thought (CoT) baselines. Its modular design enables agent-level configurability, allowing adaptation to varying resource and application requirements, and offers scalability to high-velocity, large-scale security data environments.