A new malicious AI tool, Xanthorox AI, has emerged on underground hacker forums.
Dubbed the “Killer of WormGPT and all EvilGPT variants,” Xanthorox AI is poised to outpace previous AI-powered cyber tools in its versatility, stealth, and offensive capabilities, making it a significant threat in the realm of cybercrime.
Emergence and Infrastructure
First detected in Q1 of 2025, Xanthorox AI has been circulating in darknet communities, where it is being marketed as a cutting-edge AI platform designed for offensive cyber operations.

Unlike its predecessors that relied on tweaks or jailbreaks of existing mainstream models like OpenAI’s GPT or Meta’s LLaMA, Xanthorox AI is reportedly a bespoke system developed from the ground up.
The developers claim that Xanthorox AI operates as a self-contained, multi-model architecture hosted entirely on private servers, ensuring complete autonomy and minimal traceability.
By eschewing public cloud infrastructure and external APIs, Xanthorox AI leverages local servers to maintain operational secrecy and avoid detection.

Its modular design also allows for upgrades or replacements of specific components, ensuring the tool remains relevant even as cybersecurity defenses evolve.
Key features described by the sellers include:
- Proprietary language models with no ties to existing AI frameworks.
- Offline functionality, removing reliance on network connectivity.
- Built-in voice and image handling modules.
- Internet search scraping capabilities from over 50 engines.
- Data containment to eliminate third-party telemetry risks.
Features and Capabilities
Xanthorox AI is being marketed as an “all-in-one” hacking tool, boasting modules tailored to various cybercriminal tasks. Below is an overview of its primary components:
- Xanthorox Coder: A code generation and scripting assistant that automates malware creation, exploit development, and script refinement. This module provides attackers with customizable code snippets tailored to specific vulnerabilities.
- Xanthorox Vision: A visual intelligence tool capable of analyzing uploaded images and screenshots. It claims to extract relevant data, interpret visual content, or generate descriptive analyses, providing attackers with insights from graphical information, such as scanned documents or system screenshots.
- Xanthorox Reasoner Advanced: A module designed to mimic human reasoning. While achieving “100% accuracy” may be unrealistic, the tool aims to provide logically consistent and persuasive outputs—a useful capability for attackers crafting phishing emails, social engineering scripts, or negotiation strategies.
- Voice Interaction: Xanthorox supports voice-based commands through real-time calls or asynchronous voice messages, enabling hands-free operation. This feature could be particularly useful in covert environments where traditional keyboard inputs may be impractical or risky.
- Web Scraping and Static File Analysis: Using over 50 search engines, Xanthorox scrapes the internet for up-to-date intelligence, bypassing the usual constraints of APIs. Additionally, its file analysis capabilities allow it to process formats like .c, .txt, and .pdf, extracting or summarizing content to aid attackers handling stolen data.

According to the SlashNext report, Xanthorox AI represents a dangerous escalation in the use of AI for cybercrime. By combining modular customization, offline functionality, and a wide array of capabilities, it underscores the growing sophistication of malicious AI tools.

For cybersecurity professionals, the emergence of Xanthorox AI highlights the urgent need to develop countermeasures capable of identifying and neutralizing such advanced systems.
As hackers gain access to increasingly autonomous and intelligent tools, the stakes for businesses, governments, and individuals rise exponentially.
Xanthorox AI is a stark reminder of the dual-edged nature of AI technology—and the critical importance of staying ahead in the cybersecurity arms race.