LLM Agents Simulate Email Networks, Reveal Phishing Vulnerabilities

LLM agents fail at macro network dynamics until researchers add Hawkes processes.

Deep Dive

Large Language Model multi-agent systems promise realistic human behavior simulation but falter when modeling the full structural and temporal dynamics of real-world networks. Researchers from Georgia Tech and other institutions tested existing LLM agents on email network simulations and found they generate plausible individual messages (micro-level) but fail to reproduce the emergent, large-scale topology (macro-level) critical for domains like cybersecurity and information propagation. The agents could not sustain long-term interactions or accurately model how activity spikes and decays over time—a key feature of real communication networks.

To fix this, the team proposes two easily integrable extensions. First, data-driven event triggers prompt agents to initiate interactions based on empirical network patterns, ensuring organic long-horizon dynamics. Second, they embed Hawkes processes, a statistical model for self-exciting events, to capture temporal activation patterns like bursty communication. Applied to phishing campaign synthesis, their framework generates realistic attack sequences that exploit structural vulnerabilities, such as targeting highly connected individuals. This work bridges the gap between micro-level plausibility and macro-level realism, offering a powerful tool for cybersecurity researchers to test defenses against evolving threats.
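As an added illustration of the Hawkes-process extension described above (not code from the paper or its authors), this Python sketch simulates send times for one mailbox with Ogata's thinning algorithm and compares their burstiness with a Poisson baseline at the same mean rate. The exponential kernel, the parameter values and the burstiness coefficient are assumptions chosen for the example.

```python
import math
import random
import statistics

# Assumed example parameters (not from the paper): rates are per hour.
MU, ALPHA, BETA, HORIZON = 0.1, 4.0, 5.0, 20_000.0


def simulate_hawkes(mu, alpha, beta, horizon, seed=0):
    """Send times with intensity mu + alpha * sum(exp(-beta * (t - t_i)))."""
    if mu <= 0 or alpha < 0 or alpha >= beta:
        raise ValueError("need mu > 0 and 0 <= alpha < beta (branching ratio < 1)")
    rng = random.Random(seed)
    events, t, excite = [], 0.0, 0.0
    while True:
        bound = mu + excite                # intensity only decays until the next event
        wait = rng.expovariate(bound)      # candidate from a Poisson process at the bound
        t += wait
        if t >= horizon:
            return events
        excite *= math.exp(-beta * wait)   # excitation left at the candidate time
        if rng.random() * bound <= mu + excite:   # thinning: keep with prob lambda(t)/bound
            events.append(t)
            excite += alpha                # every send raises the short-term rate


def burstiness(events):
    """(sigma - mean) / (sigma + mean) of inter-event gaps: ~0 Poisson, >0 bursty."""
    gaps = [b - a for a, b in zip(events, events[1:])]
    mean, sigma = statistics.mean(gaps), statistics.pstdev(gaps)
    return (sigma - mean) / (sigma + mean)


def compare(seed=0):
    """Hawkes vs. a Poisson baseline matched to the same long-run rate."""
    mean_rate = MU / (1 - ALPHA / BETA)    # stationary rate of the Hawkes process
    hawkes = simulate_hawkes(MU, ALPHA, BETA, HORIZON, seed)
    poisson = simulate_hawkes(mean_rate, 0.0, BETA, HORIZON, seed)  # alpha=0 is Poisson
    return {"mean_rate": mean_rate,
            "hawkes_rate": len(hawkes) / HORIZON,
            "hawkes_burstiness": burstiness(hawkes),
            "poisson_burstiness": burstiness(poisson)}


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:.3f}")
```

Both series carry the same average volume, so the difference in the burstiness coefficient comes only from how activity spikes and decays, which is the property a constant-rate baseline cannot reproduce.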

Key Points
  • Existing LLM multi-agent systems reproduce micro-level interactions but fail to replicate macroscopic network topologies.
  • Proposed extensions: data-driven event triggers for sustained interactions and Hawkes processes for temporal dynamics.
  • Demonstrated utility in synthesizing realistic phishing campaigns that exploit structural vulnerabilities in email networks.

Why It Matters

Enables realistic cyberattack simulation, helping defenders anticipate and mitigate email-based phishing threats at scale.