AI Generates Malicious JavaScript In Browsers

Security researchers recently demonstrated that seemingly innocuous webpages can use AI to generate and execute polymorphic JavaScript in victims' browsers in real time, creating personalized phishing pages and exfiltrating credentials. The Unit 42 study shows attackers prompt trusted LLM providers, like DeepSeek and Google Gemini, to produce evasive code; researchers recommend runtime browser behavioral monitoring and offline sandbox rendering to detect and block these attacks.