A new malicious AI tool, Xanthorox AI, has emerged on underground hacker forums.
Dubbed the “Killer of WormGPT and all EvilGPT variants,” Xanthorox AI is poised to outpace previous AI-powered cyber tools in its versatility, stealth, and offensive capabilities, making it a significant threat in the realm of cybercrime.
First detected in Q1 of 2025, Xanthorox AI has been circulating in darknet communities, where it is being marketed as a cutting-edge AI platform designed for offensive cyber operations.
Unlike its predecessors that relied on tweaks or jailbreaks of existing mainstream models like OpenAI’s GPT or Meta’s LLaMA, Xanthorox AI is reportedly a bespoke system developed from the ground up.
The developers claim that Xanthorox AI operates as a self-contained, multi-model architecture hosted entirely on private servers, ensuring complete autonomy and minimal traceability.
By eschewing public cloud infrastructure and external APIs, Xanthorox AI leverages local servers to maintain operational secrecy and avoid detection.
Its modular design also allows for upgrades or replacements of specific components, ensuring the tool remains relevant even as cybersecurity defenses evolve.
Key features described by the sellers include:
Xanthorox AI is being marketed as an “all-in-one” hacking tool, boasting modules tailored to various cybercriminal tasks. Below is an overview of its primary components:
According to the SlashNext report, Xanthorox AI represents a dangerous escalation in the use of AI for cybercrime. By combining modular customization, offline functionality, and a wide array of capabilities, it underscores the growing sophistication of malicious AI tools.
For cybersecurity professionals, the emergence of Xanthorox AI highlights the urgent need to develop countermeasures capable of identifying and neutralizing such advanced systems.
As hackers gain access to increasingly autonomous and intelligent tools, the stakes for businesses, governments, and individuals rise exponentially.
Xanthorox AI is a stark reminder of the dual-edged nature of AI technology—and the critical importance of staying ahead in the cybersecurity arms race.