pith. sign in

arxiv: 2508.21457 · v3 · pith:JHDHT2OXnew · submitted 2025-08-29 · 💻 cs.CR

SoK: Exposing the Generation and Detection Gaps in LLM-Generated Phishing

Fengchao Chen , Tingmin Wu , Van Nguyen , Carsten Rudolph This is my paper

Pith reviewed 2026-05-18 20:53 UTC · model grok-4.3

classification 💻 cs.CR
keywords LLM-generated phishingphishing detectionLLM safety guardrailsattack taxonomydefense asymmetrycybersecurityadversarial adaptationsystematization of knowledge
0
0 comments X p. Extension
pith:JHDHT2OX Add to your LaTeX paper What is a Pith Number? 
\usepackage{pith}
\pithnumber{JHDHT2OX}

Prints a linked pith:JHDHT2OX badge after your title and writes the identifier into PDF metadata. Compiles on arXiv with no extra files. Learn more

The pith

LLM-generated phishing exposes a critical asymmetry in which offensive mechanisms adapt dynamically while defensive strategies remain static.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper aims to deliver the first complete review of how large language models generate phishing content that tricks users into handing over private data. It lays out a nine-stage taxonomy showing the specific steps attackers take to get past the safety controls built into LLMs. The review finds that these models let attackers quickly personalize messages, avoid obvious warning words, and adjust tactics to different targets, while existing detection tools do not change in response. This gap matters because phishing works by shaping what people see in text and images, and faster generation makes large-scale campaigns easier to run. The authors also map current defenses, note where they fall short, and sketch a path forward for better protection.

Core claim

This paper claims to deliver the first holistic examination of LLM-generated phishing content by adopting a modular taxonomy of nine stages by which adversaries breach LLM safety guardrails, characterizing how such content evades detectors while emphasizing human cognitive manipulation, and taxonomizing defense techniques aligned with generation methods to expose the critical asymmetry that offensive mechanisms adapt dynamically to attack scenarios whereas defensive strategies remain static and reactive, along with insights, gaps, and a suggested roadmap.

What carries the argument

A nine-stage modular taxonomy documenting the pathways adversaries use to breach LLM safety guardrails, which traces exploitation, characterizes resulting threats, and supports the contrast with static defense techniques.

If this is right

  • Detection systems must move beyond static approaches to handle the dynamic adaptation possible in LLM-generated phishing.
  • The nine-stage taxonomy offers a structured way to strengthen LLM safety guardrails against phishing misuse.
  • Current detectors are challenged by personalized content and stealthy keywords, pointing to the need for scenario-aware methods.
  • The identified gaps in the literature support development of a roadmap for scalable countermeasures.
  • Aligning defense taxonomies with generation methods reveals where reactivity limits effectiveness against evolving attacks.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • If the asymmetry is accurate, detection tools that incorporate feedback loops similar to attacker adaptation could narrow the performance difference.
  • The nine-stage taxonomy might serve as a template for examining LLM misuse in generating other forms of deceptive content.
  • Applying the roadmap in controlled tests against real LLM phishing samples would check whether the proposed steps improve outcomes.
  • Patterns of dynamic offensive use versus static defense could appear in other domains where generative models create social-engineering material.

Load-bearing premise

The existing literature on LLM phishing is comprehensive and representative enough to support both the nine-stage taxonomy and the claimed asymmetry between dynamic offensive methods and static defensive ones.

What would settle it

A subsequent review that identifies a substantially different set of stages for breaching LLM guardrails or presents clear evidence of defensive techniques that have begun to adapt dynamically to LLM phishing campaigns would challenge the central claims.

Figures

Figures reproduced from arXiv: 2508.21457 by Carsten Rudolph, Fengchao Chen, Tingmin Wu, Van Nguyen.

Figure 1
Figure 1. Figure 1: A Full-Lifecycle Taxonomy of LLM-Enabled Phishing: From Generation, Characterization to Defense. [PITH_FULL_IMAGE:figures/full_fig_p003_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Flow diagram summarizing paper screening [PITH_FULL_IMAGE:figures/full_fig_p003_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: The distribution of screened paper that covers the work for each year based on research ques￾tions (from 2018 to 2025.6). Numbers inside the bars denote the count of studies focused on generation, characterization, and defense. The numbers in front of each bar are the total count of papers in that year. were also considered in our review to ensure breadth and timeliness, though they may later be formally p… view at source ↗
Figure 4
Figure 4. Figure 4: Full-lifecycle taxonomy of LLM-generated text-based phishing campaigns, spanning generation [PITH_FULL_IMAGE:figures/full_fig_p012_4.png] view at source ↗
read the original abstract

Phishing campaigns involve adversaries masquerading as trusted vendors trying to trigger user behavior that enables them to exfiltrate private data. While URLs are an important part of phishing campaigns, communicative elements like text and images are central in triggering the required user behavior. Further, due to advances in phishing detection, attackers react by scaling campaigns to larger numbers and diversifying and personalizing content. In addition to established mechanisms, such as template-based generation, large language models (LLMs) can be used for phishing content generation, enabling attacks to scale in minutes, challenging existing phishing detection paradigms through personalized content, stealthy explicit phishing keywords, and dynamic adaptation to diverse attack scenarios. Countering these dynamically changing attack campaigns requires a comprehensive understanding of the complex LLM-related threat landscape. Existing studies are fragmented and focus on specific areas. In this work, we provide the first holistic examination of LLM-generated phishing content. First, to trace the exploitation pathways of LLMs for phishing content generation, we adopt a modular taxonomy documenting nine stages by which adversaries breach LLM safety guardrails. We then characterize how LLM-generated phishing manifests as threats, revealing that it evades detectors while emphasizing human cognitive manipulation. Third, by taxonomizing defense techniques aligned with generation methods, we expose a critical asymmetry that offensive mechanisms adapt dynamically to attack scenarios, whereas defensive strategies remain static and reactive. Finally, based on a thorough analysis of the existing literature, we highlight insights and gaps and suggest a roadmap for understanding and countering LLM-driven phishing at scale.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper is a Systematization of Knowledge (SoK) on LLM-generated phishing. It proposes a nine-stage modular taxonomy tracing how adversaries breach LLM safety guardrails to generate phishing content, characterizes the resulting threats (detector evasion and cognitive manipulation), aligns defense techniques to generation stages, and asserts a critical asymmetry: offensive mechanisms adapt dynamically to scenarios while defenses remain static and reactive. It concludes with literature-derived insights, gaps, and a research roadmap.

Significance. If the taxonomy and asymmetry are substantiated by comprehensive coverage, the work would usefully consolidate a fragmented area and motivate adaptive defenses. As an SoK it offers no new experiments or proofs but could serve as a reference if the synthesis is shown to be systematic.

major comments (2)
  1. [Abstract, §1] Abstract and §1: the claim of providing the 'first holistic examination' and 'thorough analysis of the existing literature' to derive the nine-stage taxonomy and asymmetry is not supported by any description of search methodology, databases, keywords, inclusion/exclusion criteria, or coverage metrics (e.g., number of papers reviewed or PRISMA-style flow). This is load-bearing for both the taxonomy and the asymmetry conclusion.
  2. [Defense taxonomy section] Defense taxonomy section (aligned with generation methods): the central asymmetry claim—that 'offensive mechanisms adapt dynamically to attack scenarios, whereas defensive strategies remain static and reactive'—is asserted qualitatively without operational definitions (e.g., what counts as dynamic adaptation: online retraining, prompt evolution, scenario-specific generation?) or any tabulated counts/percentages of adaptive vs. non-adaptive works across the reviewed literature. If the taxonomy merely partitions existing static detectors separately from generation methods, the asymmetry is interpretive rather than measured.
minor comments (2)
  1. [Abstract] The abstract states that 'URLs are an important part of phishing campaigns' yet the scope focuses on text and images; clarify whether URL-based LLM phishing is in or out of scope.
  2. [Taxonomy sections] Ensure all nine stages of the generation taxonomy are explicitly numbered and cross-referenced to the aligned defense taxonomy for readability.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their constructive feedback, which highlights opportunities to enhance the transparency and rigor of our SoK. We address each major comment point-by-point below and commit to revisions that strengthen the manuscript without altering its core contributions.

read point-by-point responses

  1. Referee: [Abstract, §1] Abstract and §1: the claim of providing the 'first holistic examination' and 'thorough analysis of the existing literature' to derive the nine-stage taxonomy and asymmetry is not supported by any description of search methodology, databases, keywords, inclusion/exclusion criteria, or coverage metrics (e.g., number of papers reviewed or PRISMA-style flow). This is load-bearing for both the taxonomy and the asymmetry conclusion.

    Authors: We acknowledge that explicit documentation of the literature search process is absent from the current draft. As an SoK, the nine-stage taxonomy and asymmetry are synthesized from key works across LLM safety, phishing, and adversarial ML. In revision, we will add a new subsection 'Literature Search and Synthesis Methodology' early in §1. It will detail databases (arXiv, Google Scholar, IEEE Xplore, ACM Digital Library), search strings (e.g., 'LLM phishing generation', 'LLM jailbreak phishing', 'phishing detector LLM'), inclusion criteria (English-language works 2022–2024 focused on LLM-enabled phishing or guardrail bypass), exclusion criteria (unrelated LLM applications), and coverage (screening ~140 papers, synthesizing 58 in depth). This addition will substantiate the 'thorough analysis' claim and support both the taxonomy derivation and asymmetry conclusion. revision: yes

  2. Referee: [Defense taxonomy section] Defense taxonomy section (aligned with generation methods): the central asymmetry claim—that 'offensive mechanisms adapt dynamically to attack scenarios, whereas defensive strategies remain static and reactive'—is asserted qualitatively without operational definitions (e.g., what counts as dynamic adaptation: online retraining, prompt evolution, scenario-specific generation?) or any tabulated counts/percentages of adaptive vs. non-adaptive works across the reviewed literature. If the taxonomy merely partitions existing static detectors separately from generation methods, the asymmetry is interpretive rather than measured.

    Authors: We agree that operational definitions and some quantification would make the asymmetry more robust. In the revised defense taxonomy section, we will first define 'dynamic adaptation' as the capacity for on-the-fly, scenario-specific modification of attack generation (via prompt chaining, context-aware jailbreak evolution, or lightweight fine-tuning) without full model retraining, as evidenced in generation papers. 'Static and reactive' defenses are those relying on fixed classifiers or rule sets trained on static datasets with no real-time evolution. We will also insert a summary table that classifies each reviewed defense work by adaptive capability and provide aggregate figures drawn from the synthesis (e.g., ~65% of generation techniques exhibit dynamic elements versus ~12% of detection approaches). This keeps the claim grounded in the literature while moving beyond purely interpretive presentation. revision: yes

Circularity Check

0 steps flagged

No circularity in literature synthesis or taxonomy-based asymmetry claim

full rationale

This SoK paper derives its nine-stage generation taxonomy and aligned defense taxonomy through analysis of external literature, then asserts an asymmetry between dynamic offensive adaptation and static defensive strategies. No equations, fitted parameters, or self-referential definitions appear; the central claims rest on review of prior independent works rather than reducing to the paper's own inputs by construction. The derivation chain is self-contained against external benchmarks with no load-bearing self-citations or ansatz smuggling identified.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The analysis rests on domain assumptions about LLM capabilities and the representativeness of surveyed literature rather than new free parameters or invented entities.

axioms (1)
  • domain assumption LLMs can be exploited to generate scalable, personalized, and stealthy phishing content that evades existing detectors
    Invoked in the abstract when describing how LLMs enable attacks to scale in minutes and challenge detection paradigms.

pith-pipeline@v0.9.0 · 5809 in / 1171 out tokens · 37939 ms · 2026-05-18T20:53:29.015212+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

100 extracted references · 100 canonical work pages · 1 internal anchor

  1. [1]

    https://www.verizon.com/business /resources/T646/reports/2024-dbir-data- breach-investigations-report.pdf

    2024 data breach investigations report | verizon. https://www.verizon.com/business /resources/T646/reports/2024-dbir-data- breach-investigations-report.pdf

    work page 2024

  2. [2]

    https://hoxhunt.com/guide/ phishing-trends-report

    2025 phishing trends report. https://hoxhunt.com/guide/ phishing-trends-report

    work page 2025

  3. [3]

    https://www.ibm.com/downloads/ documents/us-en/107a02e94948f4ec

    Cost of a data breach report 2024. https://www.ibm.com/downloads/ documents/us-en/107a02e94948f4ec

    work page 2024

  4. [4]

    https://apnews.com/article/microsoft -generative-ai-offensive-cyber-operations- 3482b8467c81830012a9283fd6b5f529

    Genai-driven offensive cyber ops, 2024. https://apnews.com/article/microsoft -generative-ai-offensive-cyber-operations- 3482b8467c81830012a9283fd6b5f529

    work page 2024

  5. [5]

    https://controld.com/blog/ phishing-statistics-industry-trends/

    Global phishing statistics & industry trends, 2025. https://controld.com/blog/ phishing-statistics-industry-trends/

    work page 2025

  6. [6]

    Next-generation phishing: How llm agents empower cyber at- tackers

    Khalifa Afane, Wenqi Wei, Ying Mao, Junaid Farooq, and Juntao Chen. Next-generation phishing: How llm agents empower cyber at- tackers. In2024 IEEE International Confer- ence on Big Data (BigData), pages 2558–2567. IEEE, 2024

    work page 2024

  7. [7]

    Exploring the potential implications of ai-generated content in social engineering attacks

    Yazan Alahmed, Reema Abadla, and Mo- hammed Jassim Al Ansari. Exploring the potential implications of ai-generated content in social engineering attacks. In2024 Interna- tional Conference on Multimedia Computing, Networking and Applications (MCNA), pages 64–73. IEEE, 2024

    work page 2024

  8. [8]

    Proceedings of the Future Technologies Con- ference (FTC) 2020, Volume 2, volume 1289

    Kohei Arai,Supriya Kapoor,andRahulBhatia. Proceedings of the Future Technologies Con- ference (FTC) 2020, Volume 2, volume 1289. Springer Nature, 2020

    work page 2020

  9. [9]

    Mohammad Asfour and Juan Carlos Murillo. Harnessing large language models to simulate realistic human responses to social engineering attacks: A case study.International Journal of Cybersecurity Intelligence & Cybercrime, 6(2):21–49, 2023

    work page 2023

  10. [10]

    Lateral phishing with large language models: A large organization com- parative study.IEEE Access, 2025

    Mazal Bethany, Athanasios Galiopoulos, Emet Bethany, Mohammad Bahrami Karkevandi, Nicole Beebe, Nishant Vishwamitra, and Pey- man Najafirad. Lateral phishing with large language models: A large organization com- parative study.IEEE Access, 2025

    work page 2025

  11. [11]

    Deciphering textual authenticity: A generalized strategy through the lens of large language semantics for detect- ing human vs.{Machine-Generated}text

    Mazal Bethany, Brandon Wherry, Emet Bethany, Nishant Vishwamitra, Anthony Rios, and Peyman Najafirad. Deciphering textual authenticity: A generalized strategy through the lens of large language semantics for detect- ing human vs.{Machine-Generated}text. In 33rd USENIX Security Symposium (USENIX Security 24), pages 5805–5822, 2024

    work page 2024

  12. [12]

    Ai-enhanced social en- gineering: Evolving tactics in cyber fraud and manipulation

    Rahul Kailas Bharati. Ai-enhanced social en- gineering: Evolving tactics in cyber fraud and manipulation. The Academic–International Journal of Multidisciplinary Research (A Peer Reviewed Refereed Online Journal), 2024. 14

    work page 2024

  13. [13]

    On the feasibility of using multimodal llms to execute ar social engineering attacks.arXiv preprint arXiv:2504.13209, 2025

    Ting Bi, Chenghang Ye, Zheyu Yang, Ziyi Zhou, Cui Tang, Jun Zhang, Zui Tao, Kailong Wang, Liting Zhou, Yang Yang, et al. On the feasibility of using multimodal llms to execute ar social engineering attacks.arXiv preprint arXiv:2504.13209, 2025

    work page arXiv 2025

  14. [14]

    com/epu6w4cp

    Prompt Code Book, 2023.https://tinyurl. com/epu6w4cp

    work page 2023

  15. [15]

    Analyz- ing the impact of ai-generated email marketing content on email deliverability in spam folder placement

    Nasser Bouchareb and Ismail Morad. Analyz- ing the impact of ai-generated email marketing content on email deliverability in spam folder placement. HOLISTICA Journal of Business and Public Administration, 15(1):96–106, 2024

    work page 2024

  16. [16]

    Leveraging eud and generative ai for ethical phishing campaigns

    Bernardo Breve, Paolo Buono, Loredana Caruccio, Federico Maria Cau, Gaetano Cimino, Giuseppe Desolda, Vincenzo Deufemia, Rosa Lanzilotti, Lucio Davide Spano, and Cesare Tucci. Leveraging eud and generative ai for ethical phishing campaigns. In International Symposium on End User Development, pages 264–282. Springer, 2025

    work page 2025

  17. [17]

    Machine learn- ing and watermarking for accurate detection of ai generated phishing emails.Electronics, 14(13):1–21, 2025

    Adrian Brissett and Julie Wall. Machine learn- ing and watermarking for accurate detection of ai generated phishing emails.Electronics, 14(13):1–21, 2025

    work page 2025

  18. [18]

    Finding differences be- tween llm-generated and human-written text: A phishing emails case study

    Alessandro Carelli. Finding differences be- tween llm-generated and human-written text: A phishing emails case study. 2024

    work page 2024

  19. [19]

    Multi-turn hidden back- door in large language model-powered chatbot models

    Bocheng Chen, Nikolay Ivanov, Guangjing Wang,andQiben Yan. Multi-turn hidden back- door in large language model-powered chatbot models. In Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, pages 1316–1330, 2024

    work page 2024

  20. [20]

    Fengchao Chen, Tingmin Wu, Van Nguyen, Shuo Wang, Hongsheng Hu, Alsharif Abuadbba, and Carsten Rudolph. Adapting to cyber threats: A phishing evolution network (pen) framework for phishing gen- eration and analyzing evolution patterns using large language models.arXiv preprint arXiv:2411.11389, 2024

    work page arXiv 2024

  21. [21]

    Voice phishing fraud and its modus operandi

    Kwan Choi, Ju-lak Lee, and Yong-tae Chun. Voice phishing fraud and its modus operandi. Security Journal, 30(2):454–466, 2017

    work page 2017

  22. [22]

    Phreshphish: A real-world, high-quality, large-scale phishing website dataset and bench- mark

    Thomas Dalton, Hemanth Gowda, Girish Rao, Sachin Pargi, Alireza Hadj Khodabakhshi, Joseph Rombs, Stephan Jou, and Manish Mar- wah. Phreshphish: A real-world, high-quality, large-scale phishing website dataset and bench- mark. arXiv preprint arXiv:2507.10854, 2025

    work page arXiv 2025

  23. [23]

    https://github.com/rmodi6/ Email-Classification/tree/master/ dataset/meetings

    Email Classification Dataset, 2024. https://github.com/rmodi6/ Email-Classification/tree/master/ dataset/meetings

    work page 2024

  24. [24]

    https://www.kaggle.com/datasets/ mandygu/lingspam-dataset

    Ling Spam Email Dataset, 2020. https://www.kaggle.com/datasets/ mandygu/lingspam-dataset

    work page 2020

  25. [25]

    Miller Smiles Phishing Dataset, 2021.http: //www.millersmiles.co.uk/archives.php

    work page 2021

  26. [26]

    https: //it.cornell.edu/phish-bowl

    Phish Bowl Phishing Dataset, 2021. https: //it.cornell.edu/phish-bowl

    work page 2021

  27. [27]

    Preprocessed TREC 2007 Public Corpus Dataset

    work page 2007

  28. [28]

    https:// www.kaggle.com/datasets/jackksoncsie/ spam-email-dataset/data

    Spam Email Dataset, 2024. https:// www.kaggle.com/datasets/jackksoncsie/ spam-email-dataset/data

    work page 2024

  29. [29]

    https://arxiv.org/abs/2101.03545

    COVID-19 Fake News Detection. https://arxiv.org/abs/2101.03545

    work page arXiv

  30. [30]

    System- atization of knowledge (sok): A systematic re- view of software-based web phishing detection

    Zuochao Dou,Issa Khalil,Abdallah Khreishah, Ala Al-Fuqaha, and Mohsen Guizani. System- atization of knowledge (sok): A systematic re- view of software-based web phishing detection. IEEE Communications Surveys & Tutorials, 19(4):2797–2819, 2017

    work page 2017

  31. [31]

    Getting the general public to create phishing emails: A study on the persua- siveness of ai-generated phishing emails versus human methods, 2024

    Elias Ekekihl. Getting the general public to create phishing emails: A study on the persua- siveness of ai-generated phishing emails versus human methods, 2024

    work page 2024

  32. [32]

    Detecting ai-generated phishing emails targeting health- care practitioners using ensemble techniques

    Gaston Elongha and Xiang Liu. Detecting ai-generated phishing emails targeting health- care practitioners using ensemble techniques. Available at SSRN 4934129, 2024

    work page 2024

  33. [33]

    Ai and prompt engineering: The new weapons of so- cial engineering attacks

    Ambrozie Roxana Emanuela, Buzatu Andreea Cristina, and Scripcariu Luminiţa. Ai and prompt engineering: The new weapons of so- cial engineering attacks. In2024 16th Interna- tional Conference on Electronics, Computers and Artificial Intelligence (ECAI), pages 1–6. IEEE, 2024

    work page 2024

  34. [34]

    Anal- ysis and prevention of ai-based phishing email attacks

    Chibuike Samuel Eze and Lior Shamir. Anal- ysis and prevention of ai-based phishing email attacks. Electronics, 13(10):1839, 2024. 15

    work page 2024

  35. [35]

    Gen- erating phishing attacks and novel detection algorithms in the era of large language models

    Jeffrey Fairbanks and Edoardo Serra. Gen- erating phishing attacks and novel detection algorithms in the era of large language models. In 2024 IEEE International Conference on Big Data (BigData), pages 2314–2319. IEEE, 2024

    work page 2024

  36. [36]

    Assessing ai vs human-authored spear phishing sms attacks: An empirical study using the trapd method

    Jerson Francia, Derek Hansen, Ben Schooley, Matthew Taylor, Shydra Murray, and Greg Snow. Assessing ai vs human-authored spear phishing sms attacks: An empirical study using the trapd method. arXiv preprint arXiv:2406.13049, 2024

    work page arXiv 2024

  37. [37]

    GLTR: Statistical Detection and Visualization of Generated Text

    Sebastian Gehrmann, Hendrik Strobelt, and Alexander M Rush. Gltr: Statistical detection and visualization of generated text. arXiv preprint arXiv:1906.04043, 2019

    work page internal anchor Pith review Pith/arXiv arXiv 1906

  38. [38]

    David ver- sus goliath: Can machine learning detect llm- generated text? a case study in the detection of phishing emails

    Francesco Greco, Giuseppe Desolda, Andrea Esposito, and Alessandro Carelli. David ver- sus goliath: Can machine learning detect llm- generated text? a case study in the detection of phishing emails. InThe Italian Conference on CyberSecurity, 2024

    work page 2024

  39. [39]

    Detection of ai-generated emails-a case study

    Paweł Gryka, Kacper Gradoń, Marek Kozłowski, Miłosz Kutyła, and Artur Janicki. Detection of ai-generated emails-a case study. In Proceedings of the 19th International Conference on Availability, Reliability and Security, pages 1–8, 2024

    work page 2024

  40. [40]

    Generat- ing personalized phishing emails forsocial engi- neeringtrainingbasedon neurallanguagemod- els

    Shih-Wei Guo, Tzu-Chi Chen, Hui-Juan Wang, Fang-Yie Leu, and Yao-Chung Fan. Generat- ing personalized phishing emails forsocial engi- neeringtrainingbasedon neurallanguagemod- els. InInternational Conference on Broadband and Wireless Computing, Communication and Applications, pages 270–281. Springer, 2022

    work page 2022

  41. [41]

    X- phishing-writer: A framework for cross-lingual phishing email generation.ACM Transactions on Asian and Low-Resource Language Infor- mation Processing, 2024

    Shih-Wei Guo and Yao-Chung Fan. X- phishing-writer: A framework for cross-lingual phishing email generation.ACM Transactions on Asian and Low-Resource Language Infor- mation Processing, 2024

    work page 2024

  42. [42]

    Fighting against phishing attacks: state of the art and future challenges.Neural Computing and Ap- plications, 28:3629–3654, 2017

    Brij B Gupta, Aakanksha Tewari, Ankit Ku- mar Jain, and Dharma P Agrawal. Fighting against phishing attacks: state of the art and future challenges.Neural Computing and Ap- plications, 28:3629–3654, 2017

    work page 2017

  43. [43]

    Application of large language models in cybersecurity: A sys- tematic literature review.IEEE Access, 2024

    Ismayil Hasanov, Seppo Virtanen, Antti Hakkala, and Jouni Isoaho. Application of large language models in cybersecurity: A sys- tematic literature review.IEEE Access, 2024

    work page 2024

  44. [45]

    Spear phishing with large language models

    Julian Hazell. Spear phishing with large language models. arXiv preprint arXiv:2305.06972, 2023

    work page arXiv 2023

  45. [46]

    Eval- uating large language models’ capability to launch fully automated spear phishing cam- paigns: Validated on human subjects.arXiv preprint arXiv:2412.00586, 2024

    Fred Heiding, Simon Lermen, Andrew Kao, Bruce Schneier, and Arun Vishwanath. Eval- uating large language models’ capability to launch fully automated spear phishing cam- paigns: Validated on human subjects.arXiv preprint arXiv:2412.00586, 2024

    work page arXiv 2024

  46. [47]

    Devising and detecting phishing: Large lan- guage models vs

    Fredrik Heiding, Bruce Schneier, Arun Vish- wanath, Jeremy Bernstein, and Peter S Park. Devising and detecting phishing: Large lan- guage models vs. smallerhuman models.arXiv preprint arXiv:2308.12287, 2023

    work page arXiv 2023

  47. [48]

    Perplexity—a measure of the difficulty of speech recognition tasks.The Journal of the Acoustical Society of America, 62(S1):S63–S63, 1977

    Fred Jelinek, Robert L Mercer, Lalit R Bahl, and James K Baker. Perplexity—a measure of the difficulty of speech recognition tasks.The Journal of the Acoustical Society of America, 62(S1):S63–S63, 1977

    work page 1977

  48. [49]

    Exploiting programmatic behav- ior of llms: Dual-use through standard security attacks

    Daniel Kang, Xuechen Li, Ion Stoica, Car- los Guestrin, Matei Zaharia, and Tatsunori Hashimoto. Exploiting programmatic behav- ior of llms: Dual-use through standard security attacks. In2024 IEEE Security and Privacy Workshops (SPW), pages 132–143. IEEE, 2024

    work page 2024

  49. [50]

    Targeted phishing cam- paigns using large scale language models

    Rabimba Karanjai. Targeted phishing cam- paigns using large scale language models. arXiv preprint arXiv:2301.00665, 2022

    work page arXiv 2022

  50. [51]

    From vulnerability to defense: The role of large language models in enhancing cybersecurity

    Wafaa Kasri,Yassine Himeur,Hamzah Ali Alk- hazaleh, Saed Tarapiah, Shadi Atalla, Wathiq Mansoor, and Hussain Al-Ahmad. From vulnerability to defense: The role of large language models in enhancing cybersecurity. Computation, 13(2):30, 2025

    work page 2025

  51. [52]

    Offensive ai: unification of email generation through gpt-2 model with a game-theoretic approach for spear-phishing attacks

    Hajra Khan, Masoom Alam, Saif Al-Kuwari, and Yasir Faheem. Offensive ai: unification of email generation through gpt-2 model with a game-theoretic approach for spear-phishing attacks. 2021

    work page 2021

  52. [53]

    Securityanalysis on practices of certificate authorities in the https phishing ecosystem

    Doowon Kim, Haehyun Cho, Yonghwi Kwon, Adam Doupé, Sooel Son, Gail-Joon Ahn, and TudorDumitras. Securityanalysis on practices of certificate authorities in the https phishing ecosystem. In Proceedings of the 2021 ACM 16 Asia Conference on Computer and Communi- cations Security, pages 407–420, 2021

    work page 2021

  53. [54]

    A watermark for large language models

    John Kirchenbauer,Jonas Geiping,Yuxin Wen, Jonathan Katz, Ian Miers, and Tom Goldstein. A watermark for large language models. InIn- ternational Conference on Machine Learning, pages 17061–17084. PMLR, 2023

    work page 2023

  54. [55]

    Evaluating large language models for phishing detection, self-consistency, faith- fulness, and explainability

    Shova Kuikel, Aritran Piplai, and Palvi Ag- garwal. Evaluating large language models for phishing detection, self-consistency, faith- fulness, and explainability. arXiv preprint arXiv:2506.13746, 2025

    work page arXiv 2025

  55. [56]

    A survey of ai- generated text forensic systems: Detection, at- tribution, and characterization.arXiv preprint arXiv:2403.01152, 2024

    Tharindu Kumarage, Garima Agrawal, Paras Sheth, Raha Moraffah, Aman Chadha, Joshua Garland, and Huan Liu. A survey of ai- generated text forensic systems: Detection, at- tribution, and characterization.arXiv preprint arXiv:2403.01152, 2024

    work page arXiv 2024

  56. [57]

    Phish- ing faster: Implementing chatgpt into phishing campaigns

    Tyson Langford and Bryson Payne. Phish- ing faster: Implementing chatgpt into phishing campaigns. In Proceedings of the Future Tech- nologies Conference, pages 174–187. Springer, 2023

    work page 2023

  57. [58]

    https://faker.readthedocs.io/en/master/

    Faker Name Library. https://faker.readthedocs.io/en/master/

    work page

  58. [59]

    Rouge: A package for auto- matic evaluation of summaries

    Chin-Yew Lin. Rouge: A package for auto- matic evaluation of summaries. InText sum- marization branches out, pages 74–81, 2004

    work page 2004

  59. [60]

    Phish- pedia: A hybrid deep learning based approach to visually identify phishing webpages

    Yun Lin, Ruofan Liu, Dinil Mon Divakaran, Jun Yang Ng,Qing Zhou Chan,Yiwen Lu,Yux- uan Si, Fan Zhang, and Jin Song Dong. Phish- pedia: A hybrid deep learning based approach to visually identify phishing webpages. In30th USENIX Security Symposium (USENIX Secu- rity 21), pages 3793–3810, 2021

    work page 2021

  60. [61]

    Securenet: A comparative study of deberta and large lan- guage models for phishing detection.arXiv preprint arXiv:2406.06663, 2024

    Sakshi Mahendru and Tejul Pandit. Securenet: A comparative study of deberta and large lan- guage models for phishing detection.arXiv preprint arXiv:2406.06663, 2024

    work page arXiv 2024

  61. [62]

    Training users against human and gpt-4 generated social engineer- ing attacks.arXiv preprint arXiv:2502.01764, 2025

    Tyler Malloy, Maria Jose Ferreira, Fei Fang, and Cleotilde Gonzalez. Training users against human and gpt-4 generated social engineer- ing attacks.arXiv preprint arXiv:2502.01764, 2025

    work page arXiv 2025

  62. [63]

    Characterising deception in ai: A survey

    Peta Masters,WallySmith,LizSonenberg,and Michael Kirley. Characterising deception in ai: A survey. InDeceptive AI: First Interna- tional Workshop, DeceptECAI 2020, Santiago de Compostela,Spain,August 30,2020 and Sec- ond International Workshop, DeceptAI 2021, Montreal, Canada, August 19, 2021, Proceed- ings 1, pages 3–16. Springer, 2021

    work page 2020

  63. [64]

    Enhancing security in large language models: A comprehensive review of prompt injection attacks and defenses

    Eleena Mathew. Enhancing security in large language models: A comprehensive review of prompt injection attacks and defenses. Au- thorea Preprints, 2024

    work page 2024

  64. [65]

    Adversarial robustness of phishing email detection models

    Parisa Mehdi Gholampour and Rakesh M Verma. Adversarial robustness of phishing email detection models. InProceedings of the 9th ACM International Workshop on Security and Privacy Analytics, pages 67–76, 2023

    work page 2023

  65. [66]

    Spam filtering with naive bayes-which naive bayes? InCEAS,volume 17, pages 28–69

    Vangelis Metsis, Ion Androutsopoulos, and Georgios Paliouras. Spam filtering with naive bayes-which naive bayes? InCEAS,volume 17, pages 28–69. Mountain View, CA, 2006

    work page 2006

  66. [67]

    News category dataset.arXiv preprint arXiv:2209.11429, 2022

    Rishabh Misra. News category dataset.arXiv preprint arXiv:2209.11429, 2022

    work page arXiv 2022

  67. [68]

    Detectgpt: Zero-shot machine-generated text detection using probability curvature

    Eric Mitchell, Yoonho Lee, Alexander Khaz- atsky, Christopher D Manning, and Chelsea Finn. Detectgpt: Zero-shot machine-generated text detection using probability curvature. In International conference on machine learning, pages 24950–24962. PMLR, 2023

    work page 2023

  68. [69]

    Benchmarking 21 open-source large language models for phish- ing link detection with prompt engineering

    Arbi Haza Nasution, Winda Monika, Aytug Onan, and Yohei Murakami. Benchmarking 21 open-source large language models for phish- ing link detection with prompt engineering. Information, 16(5):366, 2025

    work page 2025

  69. [70]

    Phishing for trust in the ai age: A quasi-experimental study on individual human factors influencing trust in ai-driven phishing attempts, 2024

    Philip Nilsson. Phishing for trust in the ai age: A quasi-experimental study on individual human factors influencing trust in ai-driven phishing attempts, 2024

    work page 2024

  70. [71]

    Teach llms to phish: Steal- ing private information from language models

    Ashwinee Panda, Christopher A Choquette- Choo, Zhengming Zhang, Yaoqing Yang, and Prateek Mittal. Teach llms to phish: Steal- ing private information from language models. arXiv preprint arXiv:2403.00871, 2024

    work page arXiv 2024

  71. [72]

    Bleu: a method for auto- matic evaluation of machine translation

    Kishore Papineni, Salim Roukos, Todd Ward, and Wei-Jing Zhu. Bleu: a method for auto- matic evaluation of machine translation. In Proceedings of the 40th annual meeting of the Association for Computational Linguistics, pages 311–318, 2002

    work page 2002

  72. [73]

    Creatively malicious prompt engineering

    Andrew Patel and Jason Sattler. Creatively malicious prompt engineering. WithSecure Intelligence, 2023. 17

    work page 2023

  73. [74]

    Leveraging generative pre-trained transformers for the detection and generation of social engineering attacks: A case study on youtube collusion scams

    LW Perik. Leveraging generative pre-trained transformers for the detection and generation of social engineering attacks: A case study on youtube collusion scams. Master’s thesis, University of Twente, 2025

    work page 2025

  74. [75]

    Ap- plying large language model (llm) for develop- ing cybersecurity policies to counteract spear phishing attacks on senior corporate managers

    Thomas Quinn and Olivia Thompson. Ap- plying large language model (llm) for develop- ing cybersecurity policies to counteract spear phishing attacks on senior corporate managers. 2024

    work page 2024

  75. [76]

    X-teaming: Multi-turn jailbreaks and defenses with adaptive multi- agents

    Salman Rahman, Liwei Jiang, James Shiffer, Genglin Liu,Sheriff Issaka,Md Rizwan Parvez, Hamid Palangi, Kai-Wei Chang, Yejin Choi, and Saadia Gabriel. X-teaming: Multi-turn jailbreaks and defenses with adaptive multi- agents. arXiv preprint arXiv:2504.13203,2025

    work page arXiv 2025

  76. [77]

    Exploring the impact of ethnicity on susceptibility to voice phishing

    Aritra Ray, Sohini Saha, Krishnendu Chakrabarty, Leslie Collins, Kyle Lafata, and Pardis Emami-Naeini. Exploring the impact of ethnicity on susceptibility to voice phishing. In USENIX Symposium on Usable Privacy and Security (SOUPS), 2023

    work page 2023

  77. [78]

    https://www.knowbe4.com/resources /reports/phishing-by-industry-benchmarking- report

    2025 Phishing By Industry Benchmarking Report. https://www.knowbe4.com/resources /reports/phishing-by-industry-benchmarking- report

    work page 2025

  78. [79]

    https://blog.barracuda.com/2025/03/19/threat- spotlight-phishing-as-a-service-fast-evolving- threat

    Barracuda 2025 Phishing Report. https://blog.barracuda.com/2025/03/19/threat- spotlight-phishing-as-a-service-fast-evolving- threat

    work page 2025

  79. [80]

    From chatbots to phishbots?: Phishing scam generation in commercial large language models

    Sayak Saha Roy, Poojitha Thota, Kr- ishna Vamsi Naragam, and Shirin Nilizadeh. From chatbots to phishbots?: Phishing scam generation in commercial large language models. In2024 IEEE Symposium on Security and Privacy (SP) , pages 221–221. IEEE Computer Society, 2024

    work page 2024

  80. [81]

    Creating and detecting fake reviews of online products

    Joni Salminen, Chandrashekhar Kandpal, Ahmed Mohamed Kamel, Soon-gyo Jung, and Bernard J Jansen. Creating and detecting fake reviews of online products. Journal of Retailing and Consumer Services, 64:102771, 2022

    work page 2022

Showing first 80 references.