An Agentic Operationalization of DISARM for FIMI Investigation on Social Media

Foreign Information Manipulation and Interference (FIMI) on social media poses a significant threat to democratic processes. This paper proposes a framework-agnostic agent-based operationalization of the DISARM framework to investigate FIMI on social media. It develops a multi-agent AI system where specialized agentic AI components collaboratively detect manipulative behaviors and map them onto standard DISARM taxonomies. Evaluated on real-world datasets, the approach effectively scales FIMI analysis, enhancing situational awareness and data interoperability in media-rich settings.

FIMI investigations are currently high-latency and inconsistent because they rely on human analysts to manually correlate vast amounts of noisy social media data with the complex, hierarchical DISARM framework.

The authors developed a modular Multi-Agent System (MAS). One agent ingests data, another analyzes linguistic features, and a specialized 'Mapper Agent' uses Retrieval Augmented Generation (RAG) to access DISARM TTP definitions and classify the activity. The workflow is iterative, allowing agents to critique and refine the classification before final output.

The proposed system demonstrated a significant reduction in time-to-classification for social media incidents. In testing against a ground-truth dataset of known FIMI campaigns, the agentic system achieved high recall for top-level Tactics, though precision varied at the granular Technique level compared to senior human analysts. It successfully automated the generation of standardized STIX-compatible reports.

The paper successfully addresses a significant pain point in the CTI industry: the manual labor of mapping incidents to frameworks. However, it glosses over the 'black box' nature of LLM decision-making, which is critical in intelligence work where sourcing is everything. The system needs robust explainability features to be trusted by serious analysts.