Anti-Brandolini strategies: building an immune system

The right paradigm: immune system, not firewall

A common mistake: thinking of your informational defense as a firewall — blocking bullshit before it enters. This is impossible: production is too cheap, channels are too numerous.

The right model is the immune system:

  • Innate: passive barriers in place before the attack
  • Adaptive: rapid recognition and response to known pathogens
  • Memory: capitalizing on past attacks to respond faster next time

This analogy structures the six layers below.

Layer 1: Single Source of Truth (SSOT)

Principle: for each critical fact about your product or company, there is one canonical URL you can cite in any conversation.

Critical fact Recommended canonical URL
Pricing /pricing with last-update date visible
Security & compliance /security or /trust with SOC2, ISO, GDPR reports
Roadmap & changelog /changelog or versioned public /roadmap
Competitor comparisons /vs/[competitor] (1 page per major competitor)
Quantitative case studies /customers/[client] with validated numbers

Quality criteria for an SSOT:

  • ✅ Explicit last-update date
  • ✅ Identified author (real human)
  • ✅ Citable in 1 link (not a 40-page PDF)
  • ✅ Indexed by Google (appears on page 1 for the corresponding search)
  • ✅ Referenced from all other pages (internal authority)

Metric: for each objection category, measure the time-to-link — how long an SDR takes to find and send the right link. Target: < 30 seconds.

Layer 2: Pre-bunking (cognitive inoculation)

Principle: expose your audience to a weakened version of a bullshit + its denial, before they encounter the real version. This is the cognitive vaccination mechanism documented by van der Linden, Roozenbeek et al. (Cambridge, Nature, 2022).

The effect is measured: pre-bunked subjects resist 70-80% of future attacks based on the same technique.

Practical implementation:

Format Effect Example
"What people get wrong about us" page Long-term, SEO List of 10 misconceptions + corrections
"Why X says we don't have feature Y" section Sales cycle Anticipates competitor battlecard
Newsletter "The 3 things you'll hear about us next month" Community Pre-empts seasonal attacks
CEO podcast/video on misconceptions Authenticity Cost of fake = high

Classic mistake: over-nuancing the pre-bunking. The refutation must be simpler and more vivid than the attack, otherwise cognition imprints on the more memorable version.

Layer 3: Monitoring and rapid detection

Goal: detect attacks in < 4h, ideally < 1h.

Minimum viable stack:

graph LR
    A[Sources] --> B[Aggregator]
    B --> C[LLM sorter<br/>signal vs noise]
    C --> D[Slack alerting]
    D --> E[Routing<br/>by severity]
    E --> F[Weekly dashboard]
    style C fill:#e1f5fe
    style D fill:#c8e6c9
Source Tool Detection latency
Reddit Pushshift API + alerts 15 min
Hacker News HN API + Algolia 30 min
Twitter/X Keyword list 1h
Google news + blog Google Alerts + RSS 1-3h
G2/Trustpilot reviews Platform API 1h
LLM chats (ChatGPT etc.) NPS poll "how did you learn X?" 7-30 days

Severity routing:

  • Critical (visibility > 10k views OR customer mentioned) → CEO + Comm + Sales lead, response in < 2h
  • High (visibility > 1k OR direct competitor named) → Comm + Sales lead, response in < 24h
  • Standard → Comm, handled within the week
  • Noise → archived for pattern detection

Layer 4: T-2h response playbook

When a critical attack lands, the team must be able to act in < 2h. For this, playbooks must be pre-written, not improvised.

Playbook template (1 page max)

## Playbook: [attack type]

### Detection
- Signals: [list]
- Priority sources: [list]

### Decision (matrix)
- Visibility × Identity → Action
- (cf. matrix from chapter 4)

### Actors and roles (T-2h)
- T+0: detection + Slack escalation
- T+30: Go/No-Go decision by designated owner
- T+60: response draft (LLM-assisted, human validation)
- T+90: legal validation if needed
- T+120: publication

### Ready-to-use resources
- Corresponding SSOT link
- 3 memorizable key numbers
- 2 reachable customer ambassador examples

### Mandatory post-mortem (T+7d)
- What worked
- Real cost (hours × people)
- Playbook update

Maintain 5-10 playbooks covering 80% of typical attacks in your industry.

Layer 5: Ambassador mobilization

Principle: the most effective defense isn't your denial, it's a credible third party defending you. This is the direct application of social proof (Cialdini, 1984) to brand defense.

Building an ambassador reserve:

Type Target quantity Activation
Vocal power user customers 20-50 Personal CEO ping
Positive ex-employees 5-15 LinkedIn DM
Public investors 3-10 Support tweet
Technology partners 5-20 Quote in your communications
Allied journalists/analysts 5-10 Preventive briefing

Golden rules:

  • ❌ NEVER script what they should say (detected manipulation = backfire)
  • ✅ Provide them with quantitative facts + links; they choose the words
  • ✅ Reciprocity: support them publicly when they're under attack
  • ✅ No financial incentive (= detectable corruption)

Metric: when you launch a mobilization signal, how many public supports within 24h? Target: ≥ 5 on critical attack.

Layer 6: Capitalization and learning

Every handled attack must feed your immune memory. Three artifacts to maintain:

Artifact 1: the attack registry

A table (Notion, Airtable) with:

  • Date, source, content
  • Category (FUD, fake review, hallucination, journalism)
  • Real visibility (views, shares)
  • Action taken + elapsed time
  • Cost in hours
  • Measured effect (NPS, sales, support volume)

Allows you to calculate the real ROI of your informational defense.

Artifact 2: the recurring bullshit list

Top 10 misconceptions about your product, updated quarterly. Used to:

  • Train new SDRs (1h onboarding)
  • Feed the SSOT page "What people get wrong"
  • Pre-empt new attacks (variations on known themes)

Artifact 3: industry weak signals

Watching attacks suffered by other actors in your sector. Many attacks propagate — if a competitor is attacked on security, you will be within 6 months.

Advanced tactic: the "truth flood"

When a critical attack has succeeded in passing your 24h window and settles in, the truth flood strategy consists of publishing in parallel:

  • 1 long, factual blog post (durable SEO)
  • 1 X/LinkedIn thread by the CEO
  • 1 video of 3-5 min responding directly
  • 5-10 spontaneous ambassador posts
  • 1 newsletter dedicated to the existing base
  • 1 corresponding SSOT update

Effect: drown the bullshit in a volume of signal that dominates SEO and audience memory. Costly (40-100h team) — reserved for critical cases.

When NOT to respond

Three situations where non-response is strategically superior:

  1. Identity tribal audience: identity multiplier > 50, your response feeds the attack
  2. Visibility < 100 views at T+72h: the attack burns out on its own
  3. Non-credible source: anonymous account, unknown blog, few shares — responding amplifies

In these cases: log for pattern detection, don't spend public energy.

Metrics of a mature informational immune system

Metric Beginner level Mature level
Time-to-detection (critical attack) > 48h < 4h
Time-to-link (SDR to SSOT) > 5 min < 30 sec
Playbook coverage (% typical attacks) < 20% > 80%
Number of activatable ambassadors < 5 > 30
Volume of pre-bunking published/month 0 4-8 articles
Defense hours / month Reactive chaos < 40h planned

Key takeaways

  • Think immune system, not firewall
  • Six layers: SSOT, pre-bunking, monitoring, playbooks, ambassadors, capitalization
  • The 0-24h window is critical — prepare playbooks BEFORE
  • NEVER script ambassadors; provide facts + links
  • Truth flood reserved for critical cases (40-100h)
  • Knowing when not to respond is also a skill
  • Key metric: time-to-link < 30 sec for your SDRs

We use Microsoft Clarity to understand how the site is used and improve it. By continuing to browse, you accept it. You can disable it at any time.