<?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE article PUBLIC "-//NLM/DTD JATS (Z39.96) Journal Publishing DTD v1.2 20120330//EN" "http://jats.nlm.nih.gov/publishing/1.2/JATS-journalpublishing1.dtd">
    <!--<?xml-stylesheet type="text/xsl" href="article.xsl">-->
<article xmlns:ns0="http://www.w3.org/1999/xlink" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" article-type="research-article" dtd-version="1.2" xml:lang="en">
	<front>
		<journal-meta>
			<journal-id journal-id-type="eissn">3034-1558</journal-id>
			<journal-title-group>
				<journal-title>Cifra. Information technology and telecommunications</journal-title>
			</journal-title-group>
			<publisher>
				<publisher-name>Cifra LLC</publisher-name>
			</publisher>
		</journal-meta>
		<article-meta>
			<article-id pub-id-type="doi">10.60797/itech.2026.11.9</article-id>
			<article-categories>
				<subj-group>
					<subject>Brief communication</subject>
				</subj-group>
			</article-categories>
			<title-group>
				<article-title>RISKS OF USING GENERATIVE LANGUAGE MODELS IN PHISHING ATTACKS: ANALYSIS AND THREAT MODELING</article-title>
			</title-group>
			<contrib-group>
				<contrib contrib-type="author" corresp="yes">
					<name>
						<surname>Negoda</surname>
						<given-names>Aleksandr Nikolaevich</given-names>
					</name>
					<email>alexandernegoda95@gmail.com</email>
					<xref ref-type="aff" rid="aff-1">1</xref>
				</contrib>
			</contrib-group>
			<aff id="aff-1">
				<label>1</label>
				<institution>GPM Digital Innovations LLC</institution>
			</aff>
			<pub-date publication-format="electronic" date-type="pub" iso-8601-date="2026-07-14">
				<day>14</day>
				<month>07</month>
				<year>2026</year>
			</pub-date>
			<pub-date pub-type="collection">
				<year>2026</year>
			</pub-date>
			<volume>4</volume>
			<issue>11</issue>
			<fpage>1</fpage>
			<lpage>4</lpage>
			<history>
				<date date-type="received" iso-8601-date="2026-05-21">
					<day>21</day>
					<month>05</month>
					<year>2026</year>
				</date>
				<date date-type="accepted" iso-8601-date="2026-06-17">
					<day>17</day>
					<month>06</month>
					<year>2026</year>
				</date>
			</history>
			<permissions>
				<copyright-statement>Copyright: &amp;#x00A9; 2022 The Author(s)</copyright-statement>
				<copyright-year>2022</copyright-year>
				<license license-type="open-access" xlink:href="http://creativecommons.org/licenses/by/4.0/">
					<license-p>
						This is an open-access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CC-BY 4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. See 
						<uri xlink:href="http://creativecommons.org/licenses/by/4.0/">http://creativecommons.org/licenses/by/4.0/</uri>
					</license-p>
					.
				</license>
			</permissions>
			<self-uri xlink:href="https://itech.cifra.science/archive/3-11-2026-july/10.60797/itech.2026.11.9"/>
			<abstract>
				<p>The article examines the risks associated with the use of large language models and generative artificial intelligence (hereinafter referred to as AI) in phishing attacks. The purpose of the study is to analyze how LLMs transform phishing, what new vulnerabilities emerge as a result, and how a threat model for such attacks can be constructed. It was found that the use of LLMs changes phishing in several ways: it accelerates OSINT preparation, increases the plausibility of texts, simplifies message personalization, expands the range of delivery channels, and enhances the reproducibility of attacker actions. The authors propose an original threat model linking threat actors, assets, delivery channels, vulnerabilities, and consequences. It is concluded that generative AI should be regarded as an independent factor increasing cyber risk, while countering AI-enabled phishing should rely on the combined implementation of organizational, technical, and analytical measures.</p>
			</abstract>
			<kwd-group>
				<kwd>generative artificial intelligence</kwd>
				<kwd> large language models</kwd>
				<kwd> phishing</kwd>
				<kwd> social engineering</kwd>
				<kwd> AI threat model</kwd>
				<kwd> AI phishing</kwd>
			</kwd-group>
		</article-meta>
	</front>
	<body>
		<sec>
			<title>HTML-content</title>
			<p>1. Introduction</p>
			<p>The proliferation of large language models has transformed the nature of emerging digital threats. While early discussions of risks associated with generative AI focused primarily on adversarial attacks on models and issues of output reliability, attention has increasingly shifted toward the risk of generating malicious content using AI. From this perspective, LLMs function as a tool for preparing attack vectors, which is particularly relevant in the context of phishing, as this form of attack is inherently built around text, trust, the imitation of legitimate communication, and the exploitation of user behavioral responses. For this reason, generative AI should be considered as an independent source of new cyber threats [1]. At the same time, phishing remains one of the most widespread forms of cyberattacks, relying on fraudulent communication to obtain credentials, financial information, or access to protected resources. The contemporary academic literature emphasizes that victim vulnerability is determined by a combination of factors: outcomes are influenced by cognitive, emotional, social, and situational conditions, including time pressure, trust in the perceived authority of the sender, patterns of digital behavior, and the overall level of cybersecurity awareness. In the context of the active use of generative AI, this dependency is further amplified, as attackers gain the ability to rapidly tailor message content to a specific recipient and situation [2].</p>
			<p>The aim of this study is to analyze the risks associated with the use of generative language models in phishing attacks and to develop a threat model that links the technological capabilities of LLMs with typical attack scenarios, victim vulnerabilities, and organizational consequences.</p>
			<p>The research materials consisted of academic publications addressing the cybersecurity risks of generative AI, the human factor in phishing, AI-enhanced social engineering, tools for generating phishing content, methods for its detection, and security issues of systems incorporating large language models. The study is based on methods of comparative analysis, problem-oriented thematic classification, structured description of AI-enabled phishing scenarios, and threat modeling.</p>
			<p>2. Main results</p>
			<p>The emergence of generative language models is transforming phishing primarily by increasing its accessibility. Previously, the preparation of a plausible attack depended on the attacker’s competence (at a minimum, language proficiency), the ability to imitate corporate communication styles, and the manual crafting of messages; however, with the widespread availability of LLMs, much of this work is delegated to the model. Existing research on offensive-side scenarios demonstrates that publicly available tools can be used to rapidly generate multiple variations of similar phishing messages, implement phishing schemes involving voice modulation, and even configure chatbots capable of conducting conversations on behalf of the attacker. Notably, generative models are involved already at the attack preparation stage, as they assist in collecting and structuring information about the target, constructing a credible pretext, generating message content, selecting an appropriate tone, and maintaining communication after the initial contact [3]. </p>
			<p>At the content level, the threat is associated with several key changes (Fig. 1).</p>
			<fig id="F1">
				<label>Figure 1</label>
				<caption>
					<p> The impact of generative models on the transformation of phishing and associated threats</p>
				</caption>
				<alt-text> The impact of generative models on the transformation of phishing and associated threats</alt-text>
				<graphic ns0:href="/media/images/2026-05-18/f7e701e1-ca6e-43b7-86c1-98b21055855b.png"/>
			</fig>
			<p>The first change concerns OSINT preparation, in which various data sources – such as social media, corporate websites, public appearances, and other digital traces – are used to generate messages that account for the recipient’s position, field of activity, current projects, and communication style. The second aspect relates to text quality, as AI-generated messages no longer reveal themselves through poor style, spelling errors, or templated phrasing. At the same time, scalability becomes possible, as attackers can generate dozens of message variations for different target groups, vary delivery channels, and quickly relaunch campaigns after previous templates are blocked.</p>
			<p>In addition, contemporary threats are becoming increasingly multimodal; attackers may employ not only email, but also voice phishing (vishing), smishing, spoofed video calls, and chatbots that sustain the victim’s engagement as the attack unfolds. In the context of AI-enhanced social engineering, the academic literature identifies three key properties that provide attackers with the highest likelihood of successful phishing: plausibility, personalization, and automation. Taken together, these factors enable an unprecedented level of influence over the user during an attack [4].</p>
			<p>In light of this, the following classification of AI-enabled phishing can be proposed (Fig. 2).</p>
			<fig id="F2">
				<label>Figure 2</label>
				<caption>
					<p>Classification of attacks associated with AI-enabled phishing</p>
				</caption>
				<alt-text>Classification of attacks associated with AI-enabled phishing</alt-text>
				<graphic ns0:href="/media/images/2026-05-18/3b6e9fd1-dff1-4bf8-a55a-f8ebde351f95.png"/>
			</fig>
			<p>In practice, the greatest risk arises from the combination of all three levels, as it turns LLMs into a tool for conducting multi-stage social engineering. At the same time, several key directions remain predominant in the academic literature on the study of AI in phishing (Table 1):</p>
			<table-wrap id="T1">
				<label>Table 1</label>
				<caption>
					<p>Comparative analysis of existing academic approaches to the study of AI in phishing</p>
				</caption>
				<table>
					<tr>
						<td>Direction</td>
						<td>Focus of the study</td>
						<td>Purpose</td>
						<td>Relevance for threat modeling</td>
					</tr>
					<tr>
						<td>Human factor</td>
						<td>Recipient behavior and vulnerabilities</td>
						<td>Explains the causes of attack success</td>
						<td>Enables the identification of victim vulnerabilities</td>
					</tr>
					<tr>
						<td>AI-enhanced social engineering</td>
						<td>AI as a tool of persuasive influence</td>
						<td>Demonstrates increased personalization and plausibility</td>
						<td>Links LLMs with influence techniques</td>
					</tr>
					<tr>
						<td>Phishing content generation</td>
						<td>Creation of phishing messages using LLMs</td>
						<td>Reveals offensive capabilities of AI</td>
						<td>Describes the preparation and delivery stages</td>
					</tr>
					<tr>
						<td>Detection of AI-enabled phishing</td>
						<td>Methods for identifying AI-generated attacks</td>
						<td>Forms the basis for new defensive solutions</td>
						<td>Establishes foundations for countermeasure</td>
					</tr>
					<tr>
						<td>Protection of LLM-based systems</td>
						<td>Threats to LLM infrastructure and protection measures</td>
						<td>Expands risk understanding beyond the message itself</td>
						<td>Incorporates protection of the LLM environment into the threat model</td>
					</tr>
					<tr>
						<td>Multi-agent detection systems</td>
						<td>Architectures for intelligent threat detection</td>
						<td>Enhances prospects for threat detection</td>
						<td>Refines future directions of defensive strategies</td>
					</tr>
				</table>
			</table-wrap>
			<p>Thus, LLMs can be used to bypass traditional filtering systems and to generate messages that account for anti-spam features already at the construction stage. In one of the most illustrative studies, the Phish-Master algorithm was proposed, combining Chain-of-Thought, MetaPrompt, and domain-specific prompts. The authors demonstrated that emails generated in this manner were successfully delivered in 99% of cases in a real network environment; accordingly, the detection model developed on their basis achieved very high performance on test data [5].</p>
			<p>In addition, it is widely recognized that traditional defense approaches have long relied on URL-based features, email header analysis, domain anomalies, and other formal indicators. However, these methods are no longer sufficient for detecting LLM-generated phishing, as such messages can be grammatically correct, stylistically consistent, and contextually relevant while still containing malicious intent. As a result, the importance of semantic analysis and the detection of underlying persuasion patterns is increasing. In particular, the academic literature proposes a two-stage model in which the presence of persuasion principles is first assessed, followed by binary classification of the message based on this evaluation. In one study, the authors used a dataset of 2,995 AI-generated emails, achieving a detection accuracy of 94% with an AUC of 98%. Notably, this approach analyzes the message as a mechanism of psychological influence on the recipient [6].</p>
			<p>Based on this, a threat model for the use of LLMs in phishing attacks can be proposed (Fig. 3), the construction of which is grounded in the vulnerabilities of LLM-based systems themselves when they are integrated into an organization’s business processes [7], [8].</p>
			<fig id="F3">
				<label>Figure 3</label>
				<caption>
					<p> Threat model for the use of LLMs in phishing attacks</p>
				</caption>
				<alt-text> Threat model for the use of LLMs in phishing attacks</alt-text>
				<graphic ns0:href="/media/images/2026-05-18/dcb3dc85-bcdd-410f-87d1-3fdb94ffcf83.png"/>
			</fig>
			<p>In this context, the threat model of AI-enabled phishing can be represented as a sequence of interconnected elements. At the reconnaissance stage, the generative model assists in organizing OSINT data and constructing a victim profile. At the preparation stage, a pressure scenario, delivery channel, and communication style are selected. At the delivery stage, an email, message, voice fragment, or video communication script is generated. During the attack support stage, follow-up contact may occur, including clarification of details, reduction of suspicion, and guiding the victim toward the intended action. This is followed by the impact stage, involving data disclosure, financial transfers, deployment of malicious payloads, or unauthorized access to internal systems. Compared to traditional phishing, the key distinction of this scenario lies in the ability to rapidly adapt text, tone, argumentation, and persuasion tactics in response to the victim’s behavior. Accordingly, based on this model, the development of defensive strategies and mechanisms becomes feasible.</p>
			<p>3. Conclusion</p>
			<p>Thus, the analysis demonstrates that the use of generative language models transforms both the nature of traditional phishing and the approaches to its execution, affecting the entire attack lifecycle. At a minimum, LLMs accelerate reconnaissance, increase the likelihood of successful message delivery, facilitate personalization, and support the scaling of attacks across multiple channels. As a result, phishing becomes less costly to prepare, more precise in targeting, and more difficult to detect. The core of the threat lies in the human factor, as well as in the limited capabilities of existing defenses and detection methods against AI-generated phishing. In this context, the most effective approach appears to be the integration of the identified threats within a unified model, followed by the development of appropriate defensive strategies and mechanisms.</p>
		</sec>
		<sec sec-type="supplementary-material">
			<title>Additional File</title>
			<p>The additional file for this article can be found as follows:</p>
			<supplementary-material xmlns:xlink="http://www.w3.org/1999/xlink" id="S1" xlink:href="https://doi.org/10.5334/cpsy.78.s1">
				<!--[<inline-supplementary-material xlink:title="local_file" xlink:href="https://itech.cifra.science/media/articles/25634.docx">25634.docx</inline-supplementary-material>]-->
				<!--[<inline-supplementary-material xlink:title="local_file" xlink:href="https://itech.cifra.science/media/articles/25634.pdf">25634.pdf</inline-supplementary-material>]-->
				<label>Online Supplementary Material</label>
				<caption>
					<p>
						Further description of analytic pipeline and patient demographic information. DOI:
						<italic>
							<uri>https://doi.org/10.60797/itech.2026.11.9</uri>
						</italic>
					</p>
				</caption>
			</supplementary-material>
		</sec>
	</body>
	<back>
		<ack>
			<title>Acknowledgements</title>
			<p/>
		</ack>
		<sec>
			<title>Competing Interests</title>
			<p/>
		</sec>
		<ref-list>
			<ref id="B1">
				<label>1</label>
				<mixed-citation publication-type="confproc">Namiot D.E. On the cyber risks of generative artificial intelligence / D.E. Namiot, E.A. Ilyushin // International Journal of Open Information Technologies. — 2024. — Vol. 12, № 10. — P. 109–118.</mixed-citation>
			</ref>
			<ref id="B2">
				<label>2</label>
				<mixed-citation publication-type="confproc">Jabir R. Phishing Attacks in the Age of Generative Artificial Intelligence: A Systematic Review of Human Factors / R. Jabir, J. Le, C. Nguyen // AI. — 2025. — Vol. 6. — Art. 174.</mixed-citation>
			</ref>
			<ref id="B3">
				<label>3</label>
				<mixed-citation publication-type="confproc">Matecas A.-R. Social Engineering with AI / A.-R. Matecas, P. Kieseberg, S. Tjoa // Future Internet. — 2025. — Vol. 17. — Art. 515.</mixed-citation>
			</ref>
			<ref id="B4">
				<label>4</label>
				<mixed-citation publication-type="confproc">Gonzaga K. AI-Powered Social Engineering: Emerging Attack Vectors, Vulnerabilities, and Multi-Layered Defense Strategies / K. Gonzaga, S. Serra, M. Gomes [et al.] // Computers. — 2026. — Vol. 15. — Art. 128.</mixed-citation>
			</ref>
			<ref id="B5">
				<label>5</label>
				<mixed-citation publication-type="confproc">Han W. Phish-Master: Leveraging Large Language Models for Advanced Phishing Email Generation and Detection / W. Han, J. Zhu, C. Zhang [et al.] // Applied Sciences. — 2025. — Vol. 15. — Art. 12203.</mixed-citation>
			</ref>
			<ref id="B6">
				<label>6</label>
				<mixed-citation publication-type="confproc">Tooher P. Two-Stage Deep Learning Framework for AI-Driven Phishing Email Detection Based on Persuasion Principles / P. Tooher, H.S. Lallie // Computers. — 2025. — Vol. 14. — Art. 52.</mixed-citation>
			</ref>
			<ref id="B7">
				<label>7</label>
				<mixed-citation publication-type="confproc">Evglevskaya N.V. Ensuring the security of complex systems with the integration of large language models: analysis of threats and protection methods / N.V. Evglevskaya, A.A. Kazantsev // Economics and Quality of Communication Systems. — 2024. — № 4(34). — P. 129–144.</mixed-citation>
			</ref>
			<ref id="B8">
				<label>8</label>
				<mixed-citation publication-type="confproc">Astashkina A.A. Study of phishing detection methods using multi-agent intelligent systems / A.A. Astashkina, D.V. Bukin // Paradigm. — 2024. — № 5-5. — P. 211.</mixed-citation>
			</ref>
		</ref-list>
	</back>
	<fundings/>
</article>