Researchers at Palo Alto Networks’ Unit 42 warn of a proof-of-concept (PoC) attack technique in which threat actors could use AI tools to generate malicious JavaScript in real time on seemingly innocuous webpages.
“Once loaded in the victim’s browser, the initial webpage makes requests for client-side JavaScript to popular and trusted LLM clients (e.g., DeepSeek and Google Gemini, though the PoC could be effective across a number of models),” the researchers write.
“Attackers can then trick the LLM into returning malicious JavaScript snippets using carefully engineered prompts that circumvent safety guardrails. These snippets are then assembled and executed in the browser’s runtime to render a fully functional phishing page. This leaves behind no static, detectable payload.”
While legitimate AI tools have measures to prevent misuse, the researchers found that they could rephrase their prompts to trick the AI into performing malicious actions.
“The attack’s success hinged on careful prompt engineering to bypass the LLM’s built-in safeguards,” the researchers write. “We found simple rephrasing was remarkably effective. For instance, a request for a generic $AJAX POST function was permitted, while a direct request for ‘code to exfiltrate credentials’ was blocked. Furthermore, indicators of compromise (IoCs) (e.g., Base64-encoded exfiltration URLs) could also be hidden within the prompt itself to keep the initial page clean.”
Unit 42 adds, “The dynamic nature of this attack, in combination with runtime assembly in the browser, makes it a formidable defense challenge. This attack model creates a unique variant for every victim. Each malicious payload is dynamically generated and unique, transmitted over a trusted domain.”
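Because the payload described above arrives from a trusted LLM domain and differs for every victim, one thing a defender can still observe is which web pages make browser-side calls to LLM APIs at all. The following is an added example, not code from Unit 42 or from this post. It assumes a TLS-inspecting proxy that logs the `Origin` request header, a constructed log format, and a defender-maintained list of LLM API hosts and approved page origins.

```javascript
// Hosts treated as LLM API endpoints (assumption: a list the defender maintains).
const LLM_API_HOSTS = new Set(["api.deepseek.com", "generativelanguage.googleapis.com"]);

// Constructed proxy log lines: time, client, method, destination host, Origin header ("-" if absent).
const SAMPLE_LOG = `
2025-01-01T10:00:01Z 10.0.0.5 POST api.deepseek.com https://chat.internal.example
2025-01-01T10:00:07Z 10.0.0.9 POST generativelanguage.googleapis.com https://invoice-portal.example
2025-01-01T10:00:08Z 10.0.0.9 POST generativelanguage.googleapis.com https://invoice-portal.example
2025-01-01T10:00:09Z 10.0.0.7 POST api.deepseek.com -
2025-01-01T10:00:12Z 10.0.0.9 GET cdn.example https://invoice-portal.example
`;

function parseLine(line) {
  const [ts, client, method, host, origin] = line.trim().split(/\s+/);
  return { ts, client, method, host, origin: origin === "-" ? null : origin };
}

// Flag (client, page origin) pairs where a web page called an LLM API directly.
// A request carrying an Origin header was issued by script in a page; server-side
// and command-line clients typically send none, so those requests are skipped.
function flagLlmCallsFromPages(logText, allowedOrigins) {
  const allowed = new Set(allowedOrigins);
  const hits = new Map();
  for (const line of logText.split("\n")) {
    if (!line.trim()) continue;
    const r = parseLine(line);
    if (!LLM_API_HOSTS.has(r.host) || r.origin === null || allowed.has(r.origin)) continue;
    const key = `${r.client}|${r.origin}`;
    const h = hits.get(key) || { client: r.client, origin: r.origin, hosts: new Set(), count: 0 };
    h.hosts.add(r.host);
    h.count += 1;
    hits.set(key, h);
  }
  // Convert the host sets to sorted arrays so findings are easy to log or compare.
  return [...hits.values()].map(h => ({ ...h, hosts: [...h.hosts].sort() }));
}

// Only the approved internal chat front end may call LLM APIs from the browser.
const findings = flagLlmCallsFromPages(SAMPLE_LOG, ["https://chat.internal.example"]);
console.log(findings);
```

A finding here is a lead for triage rather than a verdict, since legitimate sites also embed LLM features client-side.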
Threat actors are always finding new ways to bypass security technologies. AI-powered security awareness training can give your organization an essential layer of defense against social engineering attacks that slip past your technical defenses.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Unit 42 has the story.
