TraceScope: Interactive URL Triage via Decoupled Checklist Adjudication
arXiv:2604.21840v1 presents TraceScope, a decoupled triage pipeline for interactive URL forensics. It targets modern phishing campaigns that use interaction gates, delayed rendering, and logo-less credential harvesters to evade snapshot-based classifiers. A sandboxed operator agent drives a real GUI browser guided by visual motivation and freezes each session into an immutable evidence bundle. An adjudicator agent then queries that evidence on demand to verify a MITRE ATT&CK checklist and generates audit-ready reports with IOCs and verdicts. Evaluated on...
Key facts
- arXiv:2604.21840v1
- TraceScope
- decoupled triage pipeline
- interactive URL forensics
- phishing campaigns
- interaction gates
- MITRE ATT&CK checklist
- sandboxed operator agent
Entities
Institutions
- MITRE