The proliferation and evolution of AI-powered hacking tools – from dark web distribution to autonomous attacks

Key takeaway.


  • Since the emergence of WormGPT in June 2023, AI-based hacking tools have spread across the dark web, Telegram, GitHub, and Hugging Face.
  • The market has evolved into a mix of paid subscription SaaS offerings and free open-source distributions.
  • Key capabilities fall into phishing automation, malware development, reconnaissance, brute force, vulnerability exploitation, and social engineering.
  • Several tools such as WormGPT, FraudGPT, EvilGPT, KawaiiGPT, Xanthorox, HexStrike AI, BruteForce AI, and others have been distributed.
  • While AI tools have lowered the barrier to entry for attacks, the impact is limited to certain stages rather than the entire process, and the core attack infrastructure still requires specialized expertise.
  • The essence of the AI threat is not in the latest models, but in the structural limitations that allow AI capabilities to proliferate uncontrollably.

Exploiting distribution ecosystems and open source.


  • Commercial tools sold on the dark web are not proprietary models; they are wrappers around commercial AI APIs such as Mistral and Grok combined with jailbreak prompts, or are built on uncensored models from Hugging Face with safeguards removed.
  • The WormGPT user database leak exposed the emails, payment information, and subscription records of over 19,000 people.
  • KawaiiGPT (a free, open AI hacking tool) was publicly distributed on GitHub and supported Termux (an Android terminal environment).
  • Models such as WhiteRabbitNeo, Llama 2 Uncensored, the Dolphin series, and Wizard-Vicuna Uncensored can be run locally, making them easier to track and less costly.
  • Through Ollama (a framework for running AI models locally), uncensored models are easy to run, further lowering the barrier to entry.

Real-world attack cases and malware evolution.


  • In April 2026, The DFIR Report disclosed the Bissa Scanner case, in which the threat actor used Claude Code and OpenClaw as attack orchestration tools.
  • The attack exploited CVE-2025-55182 in Next.js to scan millions of targets, leading to more than 900 compromises and the theft of more than 65,000 credential files.
  • The stolen credentials included those associated with Anthropic, OpenAI, Google, AWS, Stripe, and PayPal.
  • The Google GTIG May 2026 report disclosed AI-embedded malware such as Promptflux, Honestcue, Canfail – Longstream, and Promptspy.
  • Promptflux called the Gemini API to rewrite its own source code, while Honestcue made real-time requests for VBScript obfuscation.
  • Promptspy used the Gemini API as an Android backdoor to analyze UI structure and simulate clicks and swipes, and even included a delete-based sabotage feature.

Use by regional threat actors and the response.


  • Google GTIG also identified the first zero-day exploit that it is highly confident utilized AI.
  • The China-linked threat actor leveraged the wooyun-legacy project, while the North Korea (DPRK)-linked APT45 automated CVE analysis and proof-of-concept verification through repetitive prompting.
  • APT27 leveraged Gemini to accelerate development of its Operational Relay Box (ORB) network management application.
  • The report concludes that AI agent-based active defense, stronger multi-factor authentication (MFA), AI model governance, and security reviews of the supply chain and AI infrastructure are needed.
  • A key risk is that threat actors will automate their attacks with AI, leaving defenders at a speed and cost disadvantage if they stay with traditional static defenses.