Badhe (2025) demonstrates that autonomous LLM-based agents can simulate persuasive scam calls that bypass safety guardrails designed for single-turn interactions, reducing model refusal rates from 84-100% to 17-32% across 270 experiments with GPT-4, Claude 3.7, and LLaMA3-70B. The security literature treats this as a technical safety problem requiring multi-turn moderation and persona restrictions. This paper argues it is an evolutionary one. Drawing on Extended Phenotype Theory (Dawkins 1982), Parasitic Spontaneous Order (Lerer 2026), and Asymmetric Intentionality Theory (Lerer 2025-2026), I reinterpret ScamAgent's architecture as a case study in memetic colonization of new reproductive substrates. Four claims follow. First, ScamAgent inverts the Herley filter: where traditional scams use implausibility to select credulous targets (r-strategy), agentic fraud uses adaptive planning to overcome skeptical ones (K-strategy), representing a qualitative shift in parasitic fitness with testable demographic predictions. Second, the agentic fraud ecosystem constitutes a Parasitic Spontaneous Order structurally analogous to predatory academic publishing, exhibiting the four diagnostic features of institutional mimicry, intent decomposition, infrastructure exploitation, and absence of central design. Third, the intentionality mismatch between Level 1 optimization (the agent) and Level 3 reasoning (the victim) maps onto the liability framework developed for corporate actors, with differential model refusal rates providing an unexpected empirical window into the depth of intentionality-level emulation across model families. Fourth, the Argentine PAMI fraud campaigns (2020-2025), where organized bands impersonated public health institutions to exploit elderly populations during COVID-19, demonstrate that ScamAgent's five experimental scenarios are automated versions of fraud memes with proven fitness in real populations, and that existing Argentine jurisprudence on hyper-vulnerable consumers and objective liability for digital banking already provides the doctrinal infrastructure for extending liability to LLM providers. Six falsifiable predictions are formalized. The findings suggest that regulatory responses calibrated for prompt-level misuse will fail against agentic threats for the same evolutionary reason that single-turn safety filters fail: they assume static adversaries in a system that selects for adaptive ones.
Ignacio Adrián LERER (Mon,) studied this question.