The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time

This report describes a proof-of-concept attack where an apparently benign webpage calls trusted LLM APIs from the client side to generate malicious JavaScript snippets at runtime, assembling polymorphic phishing pages in the victim's browser that evade network-based detection; it details the PoC steps, evasion advantages, alternative delivery methods, and mitigation recommendations emphasizing in-browser runtime behavioral analysis and stricter LLM guardrails.