Security researchers have identified a sophisticated new malicious artificial intelligence platform called Xanthorox AI circulating in darknet forums since late Q1 2025.
The platform, which brands itself as the “Killer of WormGPT and all EvilGPT variants,” represents a significant evolution in AI-powered cybercrime tools.
Unlike previous malicious AI systems that relied on jailbreaking existing language models, Xanthorox introduces a completely self-hosted, multi-model architecture designed specifically for offensive cyber operations.
This approach entirely abandons dependence on foundation models like GPT, LLaMA, and Claude.
“It’s easy to think of the cybercriminal ecosystem as one big amorphous blob of badness, when in reality it operates much like any service and platform industry,” said Casey Ellis, founder of Bugcrowd Inc.
“The local model tuning/training they seem to have used to decouple it from the foundational model vendors means they’ll have lock-in with their users.”

Technical Architecture
According to SlashNext researchers’ report, Xanthorox AI features five distinct models running entirely on local servers controlled by its developers.
This local-first deployment strategy significantly reduces the risk of detection and makes the platform harder to trace.
The system’s modular design includes:
- Xanthorox Coder: Handles code generation, malware development, and vulnerability exploitation
- Xanthorox Vision: Provides image processing capabilities for screenshot analysis and data extraction
- Xanthorox Reasoner Advanced: Simulates human logic for generating convincing and consistent outputs
- Voice Interface: Supports real-time voice interaction and asynchronous messaging
- Search Capabilities: Uses 50+ search engines for real-time data gathering

“Where the new Xanthorox AI gets interesting is in how it abandons reliance on existing foundation models altogether,” noted researchers at SlashNext.
The platform’s autonomous design allows it to function offline while processing multiple file formats, including .c, .txt, and .pdf.

Cybersecurity Implications
Security experts warn that Xanthorox represents a new generation of AI threats specifically built for autonomous cyberattacks.
Its comprehensive toolkit enables attackers to generate sophisticated phishing campaigns, create malware, conduct social engineering, and analyze data at scale.
Kris Bondi, CEO of Mimoto, observed that “self-directed, autonomous cyber-attacks can hyper-charge bad actors’ ability to innovate their attacks.”
Even with moderate success rates, such tools could prove devastating as they learn and evolve from each deployment.
Previous research has already documented significant increases in AI-generated attacks, with SlashNext reporting a 1,265% rise in phishing attacks between Q4 2022 and Q1 2023 after ChatGPT’s release.

Defensive Measures
As AI-powered threats evolve, cybersecurity solutions must adapt accordingly.
SlashNext has developed AI-powered detection technologies that analyze behavior patterns and language to identify AI-generated threats in real time.
Its platform combines relationship graphs, contextual analysis, computer vision, and natural language processing to detect threats with 99.9% accuracy.
This multi-layered approach helps identify malicious content whether it appears in text, in images, or as part of multi-channel phishing campaigns.
With tools like Xanthorox emerging, organizations must prioritize advanced email security technologies that can detect AI-generated content and block threats before they reach potential victims.