These tools enable threat actors to rapidly generate scanning utilities, exploit code, and evasion tactics, lowering the barrier to entry for sophisticated attacks. Cybercriminals are increasingly weaponizing generative AI and large language models (LLMs) like ChatGPT, Claude, and DeepSeek to automate exploit development, bypass security safeguards, and refine malware campaigns. This technique, coupled with tools like LangChain and MCP (Model Context Protocol), allows attackers to chain multiple AI workflows-from vulnerability discovery to proof-of-concept exploit generation-while evading detection. For instance, WormGPT, a modified LLM promoted on cybercrime forums, strips default ethical guardrails to generate phishing emails, exploit code, and injection payloads on demand. According to a recent report by the S2W Threat Intelligence Center (TALON), dark web forums have seen a surge in discussions around AI-driven offensive tools since early 2025. S2W researchers observed threat actors using prompt engineering techniques to trick models like ChatGPT into producing restricted content. Attackers now directly target LLM APIs and infrastructure-such as Gemini’s balance manipulation exploit advertised by “MTU1500Tunnel” in February 2025-to hijack AI services for malicious purposes. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. One notable example is the exploitation of CVE-2024-10914, a critical remote code execution vulnerability, where AI-generated scanners and payloads were openly shared on platforms like Cracked and BreachForums. S2W analysts identified a January 2025 case in which a user named “KuroCracks” distributed a Masscan-based scanner for CVE-2024-10914, claiming it was optimized using ChatGPT. Code snippets from the post revealed AI-assisted modifications to traditional scanning logic, including dynamic payload generation and obfuscation layers to evade signature-based detectio. To counter these threats, S2W emphasizes multi-layered defenses, including real-time monitoring of LLM API traffic, adversarial prompt detection, and community-driven threat intelligence sharing. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. The tool automated target identification and exploit deployment, enabling botnet operators to compromise vulnerable systems at scale. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. These developments highlight a paradigm shift: LLMs are no longer just tools for defenders but are being repurposed to accelerate offensive operations. The Xanthorox tool first appeared on dark web forums and cybersecurity blogs in April 2025.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 15 May 2025 10:40:01 +0000