PICARD: Phishing Intelligence Corpus for Artificial Intelligence Research and Defense : A Massive Approach to Informing Artificial Intelligence Phishing Defenses

Abstract

The emergence of generative artificial intelligence (AI) has facilitated the creation of targeted, mass-produced, and highly effective phishing messages with unprecedented ease. Unlike previous methods, attackers no longer face the dilemma of choosing between investing time in crafting personalized spear phishing messages or opting for less effective, but broadly distributed, general phishing campaigns. Despite continuous warnings from security researchers and academics spanning over a year, there remains a notable scarcity of AI-generated phishing messages available for comprehensive study and analysis. The establishment of a comprehensive corpus of AI-generated phishing messages would provide researchers with the data to devise effective strategies for detecting and thwarting these sophisticated techniques. To address this gap, we propose leveraging the computational capabilities of UWEC’s Blugold Center for High Performance Computing with local Large Language Models (LLMs) to generate a diverse and extensive collection of malicious phishing messages for analysis and new techniques to better detect AI generated phishing attacks.