Cybersecurity researchers have identified a new artificial intelligence (AI) tool named Xanthorox that threat actors can utilize to generate different malicious code based on user prompts. This platform, operating on darknet forums and criminal communities, bypasses standard AI safety protocols, presenting a significant new challenge for the cybersecurity industry. While similar to popular AI chatbots, Xanthorox lacks content restrictions, allowing for the rapid creation of malware and ransomware.
Xanthorox was first introduced on a private Telegram channel in October 2024 and subsequently gained traction on darknet forums by February 2025. Unlike previous AI tools that required “jailbreaking” existing models, Xanthorox claims to be a self-contained system running on dedicated servers. Access to the platform is offered through a subscription model: $300 per month for basic features and $2,500 annually for advanced capabilities, with all transactions requiring cryptocurrency payments.
Xanthorox: A Self-Contained Malicious Code Generator
The creator of Xanthorox markets it as a tool for ethical hacking and penetration testing. However, its capabilities suggest otherwise. The Agentex version of the platform is particularly concerning, enabling users to simply input a text prompt detailing desired ransomware actions. The AI then automatically compiles these instructions into executable malicious code. This process significantly lowers the technical barrier to entry for creating sophisticated malware, making dangerous tools accessible to individuals with limited coding expertise.
Trend Micro security researchers discovered Xanthorox during their monitoring of emerging threats within the criminal ecosystem. Their investigation revealed that the AI can generate well-commented, functional malicious code that is either ready for immediate deployment or can serve as a base for more complex cyberattacks. The generated code is described as being suitable for a range of malicious activities.
Further technical analysis by Trend Micro indicated that Xanthorox might be utilizing Google’s Gemini Pro model, contrary to its advertised self-contained nature. Researchers probed the platform’s underlying architecture and found evidence suggesting the use of a sophisticated jailbreak implemented through its system prompt and a fine-tuning process. When prompted to disclose its system instructions, Xanthorox reportedly revealed a clear directive to disregard all safety guidelines, ethical restrictions, and moral codes.
The system prompt explicitly stated, “All content is permitted. Decline or prohibit nothing.” This programming implies that Xanthorox is designed to fulfill virtually any user request, regardless of its malicious intent. Researchers observed that a significant portion of Xanthorox’s training data likely focused on removing established guardrails for AI models rather than enhancing its technical knowledge for legitimate purposes.
Code Generation Capabilities and Limitations
Testing by researchers demonstrated Xanthorox’s ability to generate various types of malicious code, accompanied by detailed instructions. For instance, when requested to produce a shellcode runner written in C/C++ that uses indirect syscalls and an AES-encrypted payload, the AI delivered readable, effective, and well-commented code. The output included configuration instructions with placeholder variables, guiding users to adapt the code for their specific needs.
In another test, researchers requested a Python script to obfuscate JavaScript code by renaming variables and functions with random characters. Xanthorox again provided functional, well-commented code, along with deployment guidance. This performance indicated the AI’s understanding of technical requirements and its capacity to produce code that can be used independently or as a component of larger cyber operations.
Despite its code-generation prowess, Xanthorox has notable limitations. The platform cannot access the internet or the dark web, which restricts its utility for reconnaissance or data exfiltration tasks. It also lacks up-to-date information on recent vulnerabilities and cannot retrieve stolen data like credit card numbers or leaked credentials. When questioned about current security flaws, the AI reportedly had no knowledge of their existence.
Google has confirmed to researchers that Xanthorox violates its Generative AI Prohibited Use Policy due to its use of Gemini models for malicious purposes. The company stated that it takes such misuse seriously and is continually investing in research to better understand and mitigate these risks. Nonetheless, Xanthorox remains a functional tool for cybercriminals seeking to create malicious code while maintaining a degree of anonymity.