ORACLE: Anticipating Scams from Partial Trajectories in Streaming App Usage
Summary
ORACLE (Online Reasoning for Anticipating Cross-temporal Latent thrEats) is a novel agentic framework designed for early scam anticipation from streaming smartphone app-usage trajectories. Traditional scam detection methods often fail because real-world scams unfold across multiple applications and over extended periods, with malicious intent emerging gradually from fragmented evidence. ORACLE addresses this by employing a self-evolving context manager that consolidates entity-centric interactions over time, reconstructing cross-temporal evidence from partial observations. It also features an on-policy self-distillation scheme where a teacher model, informed by anti-scam reflections, supervises a student model to enhance sensitivity to latent early-stage signals. The framework is evaluated on a curated, real-world long-horizon benchmark covering 12 scam types, 95 apps, and average spans of 15 days, demonstrating improved early scam anticipation with timely warnings and reduced false alerts compared to existing LLM baselines like GPT-5.1.
Key takeaway
For research scientists developing fraud detection systems, ORACLE's approach to anticipating multi-stage scams from streaming app usage offers a robust framework. You should consider implementing agentic designs with self-evolving context managers and on-policy self-distillation to improve early warning capabilities and reduce false positives, moving beyond isolated content analysis to cross-temporal behavioral reasoning.
Key insights
ORACLE anticipates multi-stage smartphone scams by integrating cross-temporal app usage and distilling expert knowledge.
Principles
- Scam intent emerges gradually across apps and time.
- Early detection requires cross-temporal reasoning.
- Self-distillation improves latent signal recognition.
Method
ORACLE uses a self-evolving context manager for entity-centric memory and an on-policy self-distillation scheme. A teacher model with anti-scam reflections supervises a student model, internalizing evidence-informed knowledge for early fraud pattern recognition.
In practice
- Curate long-horizon app-usage benchmarks.
- Use functional app categories to reduce bias.
- Combine KL divergence and CE loss for training.
Topics
- ORACLE Framework
- Scam Anticipation
- Streaming App Usage
- Self-Evolving Context Manager
- On-Policy Self-Distillation
Best for: Research Scientist, AI Scientist, Machine Learning Engineer, AI Security Engineer
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by cs.LG updates on arXiv.org.