Margarita del Val at Outpost24’s KrakenLabs exposes the new underground business of AI-powered cyber-crime tools and explains the importance of keeping one step ahead of the criminals
Every new leap in technology comes with the threat of exploitation by cyber-criminals. A defensive strategy is quickly taken and turned around for nefarious offensive purposes.
Artificial Intelligence (AI) is one such technological novelty that the cyber-crime community is now very keen to exploit. Dark AI is the result: it has become a business model, either sold as a product by threat actors to other threat actors or used as an opportunity to scam those looking to purchase the product.
Almost as soon as ChatGPT and Google BARD were released, Dark AI came thundering along in their tracks. It includes products such as WormGPT, FraudGPT, DarkBERT, DarkBARD, and DarkGPT, which have been developed to bypass the ethical boundaries of ChatGPT or Google BARD. These products are thus intended for criminal activities such as coding malware, writing phishing messages, and much more, as their developers themselves have shared.
Worryingly, WormGPT was even released with open-source documentation, meaning that anyone with the correct skillset could theoretically write their own new and improved product.
Dark AI was immediately lucrative. There will always be criminal buyers who seek the efficiency of a novel piece of tech. Indeed, with Dark AI, fraudsters require less skill to conduct cyber-crime than ever before. And with buyers come sellers. These products swiftly rose to popularity, selling for significant amounts.
But with increasing popularity, the chances that something could go wrong for the criminals also increase. Developers and sellers began to cover their tracks and take products down. While some of these Dark AI services offered lifetime use to buyers, few remained on the market for more than six weeks. Even so, just as it looked like business was plummeting, Outpost24 KrakenLabs analysts saw one of the vendors come back into the market, posting some of the tools (DarkBARD and DarkBERT) via Telegram. Overall, though, Dark AI has, for the time being, fallen into a lull, with many functioning Dark AI tools taken off the market.
But this is unlikely to last. For example, one threat actor, probably regretting removing all their advertisements, has republished some of them quite quickly. And scammers will certainly take advantage of the lingering hype to get money out of wannabe cyber-criminals. For instance, while some Dark AI developers fairly, but illegally, sold their product to buyers, others scam the purchaser: they promise something but don’t deliver.
The potential use of AI in the cyber-crime community is much too great for this lull to remain. Threat actors will find a way to use Dark AI to meet their ends. With enough time and resources—think of the Large Language Models (LLMs) that are currently available with open-source documentation—these threat actors will eventually be able to create Dark AI products that remain functional and on the market for extended periods of time.
Even without the open-source LLMs, it is possible that cyber-criminals could hack closed-access models and then sell their findings to other criminals. If there is a will, there is a way.
In short, it is anticipated that Dark AI will only become more of a threat, as it allows both experienced and newcomer threat actors to automate phishing campaigns, create malware, and much more without huge effort. It probably won’t take very long for this to be the case.
So, what can organisations do to stay ahead of the curve? How can they pre-emptively stop Dark AI from being used against their operations, finances, and employees?
The answer is threat intelligence. Keeping abreast of current as well as up-and-coming threats on the cyber-crime market is extremely important. Threat intel provides the pathway for organisations to do just that.
With knowledge of cyber-crime trends, organisations will be able to adequately prioritise layers of their security stack in order to protect themselves from being exploited. In the case of Dark AI, organisations can keep ahead of the malicious intent and figure out the best way to prevent any attacks. Indeed, to counteract Dark AI, threat intelligence might suggest that the use of non-Dark AI is the right way to go.
While Dark AI is currently in a bit of a lull, it won’t be long before cyber-criminals exploit this novel technology to its fullest extent and use it indiscriminately. The only way to combat this is to stay informed, to stay threat intelligent, and to implement rigorous defensive measures for preventing impact. Always remain one step ahead.
Margarita del Val is a Threat Intelligence Expert at Outpost24’s KrakenLabs
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543