• Attackers embed a benign page that calls an LLM API to generate malicious JavaScript in real time.
• Prompt engineering bypasses AI safety guardrails, producing polymorphic phishing code for each visit.
• The code is assembled and executed at runtime, evading static network and signature detection.
• Delivery from a trusted LLM domain bypasses traditional URL filtering and sandboxing.
• Effective defense requires runtime behavioral analysis inside the browser to block execution.
• Palo Alto Networks offers Advanced URL Filtering, Prisma AIRS, and Browser Protection for mitigation.
Article Summaries:
- Palo Alto Networks’ Unit 42 has identified a new web‑attack vector that uses large language models (LLMs) to generate malicious JavaScript on the fly. In the proof‑of‑concept, a seemingly harmless page calls a trusted LLM service (e.g., DeepSeek or Google Gemini) with engineered prompts that bypass the model’s safety guardrails. The LLM returns code snippets that are assembled and executed in the victim’s browser, creating a fully functional phishing page that is polymorphic and leaves no static payload. Because the code originates from a reputable domain, network‑based detection struggles. Unit 42 recommends runtime behavioral analysis and browser‑based protections such as Prisma Browser and Advanced URL Filtering to mitigate this threat.
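The runtime behavioral analysis recommended above can be sketched as a small taint-style guard that blocks `eval` when the code shares a fragment with a response from a watched LLM API host. This is an added example, not Unit 42 or Palo Alto Networks code; the host `llm-api.example`, the function names and the 24-character threshold are assumptions, and only the `eval` sink is covered.

```javascript
// Added example: taint-style runtime guard (not Unit 42 or Palo Alto Networks code).
// Host names, function names and the fragment threshold are assumptions.
function createRuntimeGuard(llmHosts, minFragment = 24) {
  const tainted = []; // text bodies received from watched LLM API hosts
  const alerts = [];  // executions that were blocked

  // Record a response body if it came from a watched host.
  function recordResponse(url, body) {
    let host;
    try { host = new URL(url).hostname; } catch { return; } // relative URL: same origin
    if (llmHosts.includes(host)) tainted.push({ host, body });
  }

  // Return the source host if `code` shares a fragment of at least
  // minFragment characters with a recorded response, else null.
  function taintSource(code) {
    for (const { host, body } of tainted) {
      for (let i = 0; i + minFragment <= code.length; i++) {
        if (body.includes(code.slice(i, i + minFragment))) return host;
      }
    }
    return null;
  }

  // Wrap fetch and eval on `scope` (window in a browser).
  function install(scope) {
    const realFetch = scope.fetch, realEval = scope.eval;
    scope.fetch = async (url, opts) => {
      const res = await realFetch(url, opts);
      recordResponse(String(url.url || url), await res.clone().text());
      return res;
    };
    scope.eval = (code) => {
      const host = typeof code === "string" ? taintSource(code) : null;
      if (host) {
        alerts.push({ sink: "eval", host });
        throw new Error("blocked: code derived from " + host);
      }
      return realEval(code); // note: runs as an indirect (global-scope) eval
    };
  }
  return { recordResponse, taintSource, install, alerts };
}
```

Code shorter than the fragment threshold is never flagged, and the `Function` constructor and injected `<script>` elements would need the same wrapping in a fuller monitor.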