Phishing attacks have evolved into highly evasive, scalable “phishing-as-a-service” campaigns fueled by large language models (LLMs), yet their end-to-end lifecycle remains understudied. This paper introduces GenCharDef—a unified framework that systematically deconstructs LLM-driven textual phishing along three dimensions: generative mechanisms, feature representations, and defense strategies. Grounded in a systematic mapping of knowledge (SoK) and integrating adversarial text generation, NLP, and cybersecurity analysis, GenCharDef enables end-to-end characterization of LLM-generated phishing content. It identifies distinct technical pathways and feature patterns, revealing fundamental differences from traditional phishing in methodology, security properties, and evaluation paradigms. The framework establishes a rigorous analytical foundation for developing AI-native detection mechanisms and resilient defense architectures. (138 words)

Phishing is a pervasive form of social engineering in which attackers impersonate trusted entities to steal information or induce harmful actions. Text-based phishing dominates for its low cost, scalability, and concealability, advantages recently amplified by large language models (LLMs) that enable ``Phishing-as-a-Service'' attacks at scale within minutes. Despite the growing research into LLM-facilitated phishing attacks, consolidated systematic research on the phishing attack life cycle remains scarce. In this work, we present the first systematization of knowledge (SoK) on LLM-generated phishing, offering an end-to-end analysis that spans generation techniques, attack features, and mitigation strategies. We introduce Generation-Characterization-Defense (GenCharDef), which systematizes the ways in which LLM-generated phishing differs from traditional phishing across methodologies, security perspectives, data dependencies, and evaluation practices. This framework highlights unique challenges of LLM-driven phishing, providing a coherent foundation for understanding the evolving threat landscape and guiding the design of more resilient defenses.