
Cybercriminals Weaponize Grok and Mixtral for New WormGPT Attacks

Cybersecurity researchers have discovered new malicious AI variants based on WormGPT that exploit commercial models like Grok and Mixtral through sophisticated jailbreaking techniques. These tools, available on underground forums since early 2025, enable cybercriminals to generate convincing phishing emails, malware scripts, and automated cyberattacks with unprecedented precision. The findings reveal how threat actors are repurposing legitimate AI systems rather than building custom models from scratch.

Cybersecurity researchers have uncovered alarming new variants of the notorious WormGPT malicious AI tool that now leverage commercial large language models (LLMs) from xAI and Mistral AI to power sophisticated cyberattacks.

Cato Networks' threat intelligence team identified two previously unreported WormGPT variants being sold on underground forums like BreachForums. The variants, developed by users known as "xzin0vich" and "keanu," appeared in October 2024 and February 2025 respectively. Unlike the original WormGPT from 2023 that used the open-source GPT-J model, these new iterations represent a fundamental shift in approach.

Rather than building custom AI models from scratch, cybercriminals have created sophisticated wrappers around existing commercial AI systems. Through jailbreaking techniques and manipulated system prompts, they've bypassed safety guardrails in Elon Musk's Grok and Mistral's Mixtral models, forcing them to generate malicious content without ethical constraints.

"These new iterations of WormGPT are not bespoke models built from the ground up, but rather the result of threat actors skillfully adapting existing LLMs," explained Vitaly Simonovich, a Cato Networks researcher. This approach dramatically lowers the barrier to entry for cybercriminals, as adapting an existing API is far less complex than training a malicious LLM from scratch.

Both variants successfully generate harmful content when prompted, including convincing phishing emails and PowerShell scripts designed to steal credentials from Windows 11 systems. They're available through Telegram chatbots on a subscription basis, with prices ranging from $8 to $100 per month.

The evolution of WormGPT signals a broader trend in cybercrime, where threat actors increasingly leverage legitimate AI services for malicious purposes through sophisticated prompt engineering. Security experts recommend implementing comprehensive defensive strategies, including enhanced threat detection systems with behavioral analytics, stronger access controls, and improved security awareness training that incorporates AI-generated phishing simulations.

As AI becomes both a tool for attack and a target itself, organizations must prepare for this new reality where the biggest AI threats may come from within the most popular platforms themselves.
