Anti-Brandolini strategies: building an immune system
The right paradigm: immune system, not firewall
A common mistake: thinking of your informational defense as a firewall — blocking bullshit before it enters. This is impossible: production is too cheap, channels are too numerous.
The right model is the immune system:
- Innate: passive barriers in place before the attack
- Adaptive: rapid recognition and response to known pathogens
- Memory: capitalizing on past attacks to respond faster next time
This analogy structures the six layers below.
Layer 1: Single Source of Truth (SSOT)
Principle: for each critical fact about your product or company, there is one canonical URL you can cite in any conversation.
| Critical fact | Recommended canonical URL |
|---|---|
| Pricing | /pricing with last-update date visible |
| Security & compliance | /security or /trust with SOC2, ISO, GDPR reports |
| Roadmap & changelog | /changelog or versioned public /roadmap |
| Competitor comparisons | /vs/[competitor] (1 page per major competitor) |
| Quantitative case studies | /customers/[client] with validated numbers |
Quality criteria for an SSOT:
- ✅ Explicit last-update date
- ✅ Identified author (real human)
- ✅ Citable in 1 link (not a 40-page PDF)
- ✅ Indexed by Google (appears on page 1 for the corresponding search)
- ✅ Referenced from all other pages (internal authority)
Metric: for each objection category, measure the time-to-link — how long an SDR takes to find and send the right link. Target: < 30 seconds.
Layer 2: Pre-bunking (cognitive inoculation)
Principle: expose your audience to a weakened version of a bullshit + its denial, before they encounter the real version. This is the cognitive vaccination mechanism documented by van der Linden, Roozenbeek et al. (Cambridge, Nature, 2022).
The effect is measured: pre-bunked subjects resist 70-80% of future attacks based on the same technique.
Practical implementation:
| Format | Effect | Example |
|---|---|---|
| "What people get wrong about us" page | Long-term, SEO | List of 10 misconceptions + corrections |
| "Why X says we don't have feature Y" section | Sales cycle | Anticipates competitor battlecard |
| Newsletter "The 3 things you'll hear about us next month" | Community | Pre-empts seasonal attacks |
| CEO podcast/video on misconceptions | Authenticity | Cost of fake = high |
Classic mistake: over-nuancing the pre-bunking. The refutation must be simpler and more vivid than the attack, otherwise cognition imprints on the more memorable version.
Layer 3: Monitoring and rapid detection
Goal: detect attacks in < 4h, ideally < 1h.
Minimum viable stack:
graph LR
A[Sources] --> B[Aggregator]
B --> C[LLM sorter<br/>signal vs noise]
C --> D[Slack alerting]
D --> E[Routing<br/>by severity]
E --> F[Weekly dashboard]
style C fill:#e1f5fe
style D fill:#c8e6c9
| Source | Tool | Detection latency |
|---|---|---|
| Pushshift API + alerts | 15 min | |
| Hacker News | HN API + Algolia | 30 min |
| Twitter/X | Keyword list | 1h |
| Google news + blog | Google Alerts + RSS | 1-3h |
| G2/Trustpilot reviews | Platform API | 1h |
| LLM chats (ChatGPT etc.) | NPS poll "how did you learn X?" | 7-30 days |
Severity routing:
- Critical (visibility > 10k views OR customer mentioned) → CEO + Comm + Sales lead, response in < 2h
- High (visibility > 1k OR direct competitor named) → Comm + Sales lead, response in < 24h
- Standard → Comm, handled within the week
- Noise → archived for pattern detection
Layer 4: T-2h response playbook
When a critical attack lands, the team must be able to act in < 2h. For this, playbooks must be pre-written, not improvised.
Playbook template (1 page max)
## Playbook: [attack type]
### Detection
- Signals: [list]
- Priority sources: [list]
### Decision (matrix)
- Visibility × Identity → Action
- (cf. matrix from chapter 4)
### Actors and roles (T-2h)
- T+0: detection + Slack escalation
- T+30: Go/No-Go decision by designated owner
- T+60: response draft (LLM-assisted, human validation)
- T+90: legal validation if needed
- T+120: publication
### Ready-to-use resources
- Corresponding SSOT link
- 3 memorizable key numbers
- 2 reachable customer ambassador examples
### Mandatory post-mortem (T+7d)
- What worked
- Real cost (hours × people)
- Playbook update
Maintain 5-10 playbooks covering 80% of typical attacks in your industry.
Layer 5: Ambassador mobilization
Principle: the most effective defense isn't your denial, it's a credible third party defending you. This is the direct application of social proof (Cialdini, 1984) to brand defense.
Building an ambassador reserve:
| Type | Target quantity | Activation |
|---|---|---|
| Vocal power user customers | 20-50 | Personal CEO ping |
| Positive ex-employees | 5-15 | LinkedIn DM |
| Public investors | 3-10 | Support tweet |
| Technology partners | 5-20 | Quote in your communications |
| Allied journalists/analysts | 5-10 | Preventive briefing |
Golden rules:
- ❌ NEVER script what they should say (detected manipulation = backfire)
- ✅ Provide them with quantitative facts + links; they choose the words
- ✅ Reciprocity: support them publicly when they're under attack
- ✅ No financial incentive (= detectable corruption)
Metric: when you launch a mobilization signal, how many public supports within 24h? Target: ≥ 5 on critical attack.
Layer 6: Capitalization and learning
Every handled attack must feed your immune memory. Three artifacts to maintain:
Artifact 1: the attack registry
A table (Notion, Airtable) with:
- Date, source, content
- Category (FUD, fake review, hallucination, journalism)
- Real visibility (views, shares)
- Action taken + elapsed time
- Cost in hours
- Measured effect (NPS, sales, support volume)
Allows you to calculate the real ROI of your informational defense.
Artifact 2: the recurring bullshit list
Top 10 misconceptions about your product, updated quarterly. Used to:
- Train new SDRs (1h onboarding)
- Feed the SSOT page "What people get wrong"
- Pre-empt new attacks (variations on known themes)
Artifact 3: industry weak signals
Watching attacks suffered by other actors in your sector. Many attacks propagate — if a competitor is attacked on security, you will be within 6 months.
Advanced tactic: the "truth flood"
When a critical attack has succeeded in passing your 24h window and settles in, the truth flood strategy consists of publishing in parallel:
- 1 long, factual blog post (durable SEO)
- 1 X/LinkedIn thread by the CEO
- 1 video of 3-5 min responding directly
- 5-10 spontaneous ambassador posts
- 1 newsletter dedicated to the existing base
- 1 corresponding SSOT update
Effect: drown the bullshit in a volume of signal that dominates SEO and audience memory. Costly (40-100h team) — reserved for critical cases.
When NOT to respond
Three situations where non-response is strategically superior:
- Identity tribal audience: identity multiplier > 50, your response feeds the attack
- Visibility < 100 views at T+72h: the attack burns out on its own
- Non-credible source: anonymous account, unknown blog, few shares — responding amplifies
In these cases: log for pattern detection, don't spend public energy.
Metrics of a mature informational immune system
| Metric | Beginner level | Mature level |
|---|---|---|
| Time-to-detection (critical attack) | > 48h | < 4h |
| Time-to-link (SDR to SSOT) | > 5 min | < 30 sec |
| Playbook coverage (% typical attacks) | < 20% | > 80% |
| Number of activatable ambassadors | < 5 | > 30 |
| Volume of pre-bunking published/month | 0 | 4-8 articles |
| Defense hours / month | Reactive chaos | < 40h planned |
Key takeaways
- Think immune system, not firewall
- Six layers: SSOT, pre-bunking, monitoring, playbooks, ambassadors, capitalization
- The 0-24h window is critical — prepare playbooks BEFORE
- NEVER script ambassadors; provide facts + links
- Truth flood reserved for critical cases (40-100h)
- Knowing when not to respond is also a skill
- Key metric: time-to-link < 30 sec for your SDRs