Persistent adversarial evolution in phishing attacks—outpacing defensive capabilities—creates a chronic “cat-and-mouse” dynamic. Method: This paper introduces the first self-evolving phishing attack simulation framework integrating large language models (LLMs) and genetic algorithms (GAs). It employs Llama 3.1 to generate initial phishing texts, incorporates victim behavioral modeling to establish a feedback loop, and applies GA-based iterative optimization along psychological manipulation dimensions. Contribution/Results: The framework enables autonomous evolution of social engineering strategies—revealing attackers’ increasing sophistication in cognitive manipulation. Empirical evaluation demonstrates that its generated attacks significantly outperform static LLM outputs and dynamically evade detection, underscoring inherent asymmetry in cyber offense-defense dynamics and exposing systemic challenges for defenders.

Anticipating emerging attack methodologies is crucial for proactive cybersecurity. Recent advances in Large Language Models (LLMs) have enabled the automated generation of phishing messages and accelerated research into potential attack techniques. However, predicting future threats remains challenging due to reliance on existing training data. To address this limitation, we propose a novel framework that integrates LLM-based phishing attack simulations with a genetic algorithm in a psychological context, enabling phishing strategies to evolve dynamically through adversarial interactions with simulated victims. Through simulations using Llama 3.1, we demonstrate that (1) self-evolving phishing strategies employ increasingly sophisticated psychological manipulation techniques, surpassing naive LLM-generated attacks, (2) variations in a victim's prior knowledge significantly influence the evolution of attack strategies, and (3) adversarial interactions between evolving attacks and adaptive defenses create a cat-and-mouse dynamic, revealing an inherent asymmetry in cybersecurity -- attackers continuously refine their methods, whereas defenders struggle to comprehensively counter all evolving threats. Our approach provides a scalable, cost-effective method for analyzing the evolution of phishing strategies and defenses, offering insights into future social engineering threats and underscoring the necessity of proactive cybersecurity measures.