Traditional large-scale cyberattacks face diminishing returns due to increasing defensive sophistication and low targeting precision. Method: This study introduces and empirically validates an LLM-driven personalized attack paradigm—leveraging zero-shot prompt engineering, context-aware reasoning, and structured data extraction—to enable fully automated sensitive information discovery, user-level exploit generation, and dynamic ransom pricing across state-of-the-art models (GPT-4, Claude, Llama). Contribution/Results: Evaluated on the Enron email corpus, the approach autonomously identifies high-value illicit intelligence—e.g., executive extramarital affairs—without human intervention, confirming operational viability across multiple attack vectors. This work provides the first empirical evidence that LLMs are shifting cyberattacks from “spray-and-pray” to “precision-strike” strategies, fundamentally altering attacker cost structures and revenue models by dramatically lowering customization overhead while amplifying impact per target.

We argue that Large language models (LLMs) will soon alter the economics of cyberattacks. Instead of attacking the most commonly used software and monetizing exploits by targeting the lowest common denominator among victims, LLMs enable adversaries to launch tailored attacks on a user-by-user basis. On the exploitation front, instead of human attackers manually searching for one difficult-to-identify bug in a product with millions of users, LLMs can find thousands of easy-to-identify bugs in products with thousands of users. And on the monetization front, instead of generic ransomware that always performs the same attack (encrypt all your data and request payment to decrypt), an LLM-driven ransomware attack could tailor the ransom demand based on the particular content of each exploited device. We show that these two attacks (and several others) are imminently practical using state-of-the-art LLMs. For example, we show that without any human intervention, an LLM finds highly sensitive personal information in the Enron email dataset (e.g., an executive having an affair with another employee) that could be used for blackmail. While some of our attacks are still too expensive to scale widely today, the incentives to implement these attacks will only increase as LLMs get cheaper. Thus, we argue that LLMs create a need for new defense-in-depth approaches.