This AI Tool Empowers Cybercriminals with Advanced Capabilities—No Jailbreaks Needed

Swagta Nath

Researchers from SlashNext have uncovered a new malicious artificial intelligence tool — Xanthorox AI — which is being actively promoted on underground forums within the dark web. Designed specifically to aid cybercriminals, the tool offers multiple AI models tailored for tasks ranging from malware development to image recognition and real-time voice interaction.

A New Breed of Malicious AI

Discovered earlier this year, Xanthorox AI has been making waves in cybercrime communities for its apparent sophistication and self-sufficiency. The tool, which reportedly operates without relying on popular models such as ChatGPT, Claude, or LLaMA, claims to be completely custom-built.

According to SlashNext’s investigation, Xanthorox features five core AI models:

  • Xanthoroxv4 – The base model, supporting multiple functions including a real-time voice module and search integration.

  • Xanthorox Coder – Designed for generating malicious code, including ransomware that can bypass Windows Defender.

  • Xanthorox Vision – Capable of recognizing and interpreting images and diagrams.

  • Xanthorox Reasoner Advanced – A reasoning engine intended to simulate deep cognitive responses.

  • Voice and File Processing Tools – Including offline capabilities and support for various file formats such as .txt, .pdf, and .c.

Unlike typical AI abuse cases involving jailbroken versions of legitimate LLMs, Xanthorox operates independently and is reportedly less reliant on public APIs or cloud services — a feature that may make it harder for defenders to detect or neutralize.

“Startup Mentality” in the Cybercrime Ecosystem

Cybersecurity experts are warning that the tool reflects a growing trend of professionalization within cybercrime. “It’s easy to imagine cybercrime as one chaotic entity, but in reality, it functions like any other industry with specializations, roles, and new ‘startups’ aiming to innovate,” said Casey Ellis, founder of Bugcrowd, in comments to SC Media.

SlashNext’s blog includes screenshots that demonstrate Xanthorox’s alarming capabilities — including generating executable ransomware code, interpreting complex images, and performing logical reasoning.

Growing Threat Landscape

This discovery comes amidst a surge in AI-driven cyberattacks. Previous SlashNext reports noted a dramatic increase in phishing activity — a 1,265% spike between late 2022 and early 2023 following the launch of ChatGPT, and another 856% jump in phishing combined with a 27% rise in business email compromise (BEC) incidents between December 2023 and May 2024.

By mid-2024, VIPRE Security Group estimated that nearly 40% of BEC lures were generated using artificial intelligence tools.

While leading AI developers like OpenAI and Google maintain that their platforms have not yet been successfully used to create entirely new malware strains, the emergence of tools like Xanthorox could change the narrative.

Defensive Measures Urged

Cybersecurity professionals are being advised to step up their defenses by investing in advanced email and threat detection technologies — particularly those that use AI to counter AI-generated threats. “The capabilities Xanthorox claims to offer may or may not be fully realized yet,” said SlashNext’s Daniel Kelley. “But the tools and knowledge to build such systems already exist — and it’s only a matter of time before we see even more powerful malicious AI emerge.”

As the line between offensive and defensive AI continues to blur, the discovery of Xanthorox signals a new phase in the cyber threat landscape, where bespoke AI tools become central to the operations of digital crime syndicates.
