Cybercriminals are increasingly leveraging a burgeoning underground market for custom Large Language Models (LLMs) to automate and simplify lower-level hacking tasks, according to a report released Tuesday by Palo Alto Networks’ Unit 42. This development mirrors the way legitimate businesses acquire advanced AI tools, but instead focuses on malicious applications.
The Unit 42 report details how underground hacking forums are actively advertising and selling custom, jailbroken, and open-source AI models. These tools are presented as either explicit hacking aids or as dual-use penetration testing software, with some employing subscription models for access. The underlying technology often appears to be derived from commercial models trained on extensive malware datasets and maintained by dedicated communities of malicious actors.
AI Hacking Tools Emerge on the Dark Web
These specialized AI models offer foundational capabilities that can assist with a range of cybercrime activities. Tasks such as scanning for network vulnerabilities, encrypting sensitive data, exfiltrating information, and generating malicious code are all within the purview of these tools. Andy Piazza, senior director of threat intelligence for Unit 42, noted the growing duality of AI technology in cybersecurity, drawing parallels to existing dual-use frameworks.
“You know, Metasploit is a good guy framework, and it can be used by bad guys,” Piazza explained. “Cobalt Strike was developed by good guys and now unfortunately bad guys have cracked it and used it as well. And now we’re seeing the same thing with AI.”
Prominent examples of these malicious LLMs include:
WormGPT: First appearing in 2023, a new iteration of WormGPT resurfaced on underground forums in September. Advertised as a tool that provides LLM capabilities “without boundaries,” this updated version is presented as a specialized commercial product. Unlike earlier, often free jailbreaks, WormGPT 4 offers monthly and annual subscriptions, with lifetime access available for as little as $220. The report states this indicates a sophisticated commercial strategy behind its distribution, making it accessible through an easy-to-use platform and affordable pricing.
KawaiiGPT: This model is available for free on GitHub and boasts a simple setup process, reportedly taking less than five minutes to configure on Linux. KawaiiGPT presents itself with a casual, almost persona-driven tone, greeting users and framing its outputs in a “sadistic cyber pentesting” context. While potentially a copy of older open-source or commercial AI, it functions as an accessible entry-level tool for malicious LLM use. Its community of approximately 500 developers actively updates and refines the model.
While these AI hacking tools may not yet represent the more sensationalized threats of automated malware deployment, their increasing sophistication and accessibility are of significant concern. The report indicates that while AI can accelerate code generation for attacks, much of this code is still easily detectable by security measures. However, the true danger lies in its potential to lower the barrier to entry for cybercriminal activities, as Unit 42 researchers observed.
“The real danger, he said, is that the report confirms what cyber professionals have warned about since LLMs first emerged: their potential to make criminal hacking easier and less technical,” the report stated. Piazza elaborated, highlighting the user-friendly interface: “It’s just that interoperability. You don’t even have to be good with the terminology. You don’t even have to use the word ‘lateral movement,’ when using these tools. You can just ask ‘How do I find other systems on the network?’ and it can drop you out a script. So that barrier to entry: lowering and lowering.”
The next steps will involve ongoing monitoring of these underground markets by cybersecurity firms like Palo Alto Networks. The ability of these custom AI hacking tools to evolve and evade detection will be a key factor to watch, alongside the potential for more advanced LLMs to be incorporated into sophisticated cyberattack campaigns.