Cyber Security News

Xanthorox AI: New Automated Hacking Tool Surfaces on Hacker Forums

A new malicious AI tool, Xanthorox AI, has emerged on underground hacker forums.

Dubbed the “Killer of WormGPT and all EvilGPT variants,” Xanthorox AI is poised to outpace previous AI-powered cyber tools in its versatility, stealth, and offensive capabilities, making it a significant threat in the realm of cybercrime.

Emergence and Infrastructure

First detected in Q1 of 2025, Xanthorox AI has been circulating in darknet communities, where it is being marketed as a cutting-edge AI platform designed for offensive cyber operations.

Unlike its predecessors that relied on tweaks or jailbreaks of existing mainstream models like OpenAI’s GPT or Meta’s LLaMA, Xanthorox AI is reportedly a bespoke system developed from the ground up.

The developers claim that Xanthorox AI operates as a self-contained, multi-model architecture hosted entirely on private servers, ensuring complete autonomy and minimal traceability.

By eschewing public cloud infrastructure and external APIs, Xanthorox AI leverages local servers to maintain operational secrecy and avoid detection.

[Image: Xanthorox Vision]

Its modular design also allows for upgrades or replacements of specific components, ensuring the tool remains relevant even as cybersecurity defenses evolve.

Key features described by the sellers include:

  • Proprietary language models with no ties to existing AI frameworks.
  • Offline functionality, removing reliance on network connectivity.
  • Built-in voice and image handling modules.
  • Internet search scraping capabilities from over 50 engines.
  • Data containment to eliminate third-party telemetry risks.

Features and Capabilities

Xanthorox AI is being marketed as an “all-in-one” hacking tool, boasting modules tailored to various cybercriminal tasks. Below is an overview of its primary components:

  1. Xanthorox Coder: A code generation and scripting assistant that automates malware creation, exploit development, and script refinement. This module provides attackers with customizable code snippets tailored to specific vulnerabilities.
  2. Xanthorox Vision: A visual intelligence tool capable of analyzing uploaded images and screenshots. It claims to extract relevant data, interpret visual content, or generate descriptive analyses, providing attackers with insights from graphical information, such as scanned documents or system screenshots.
  3. Xanthorox Reasoner Advanced: A module designed to mimic human reasoning. While achieving “100% accuracy” may be unrealistic, the tool aims to provide logically consistent and persuasive outputs—a useful capability for attackers crafting phishing emails, social engineering scripts, or negotiation strategies.
  4. Voice Interaction: Xanthorox supports voice-based commands through real-time calls or asynchronous voice messages, enabling hands-free operation. This feature could be particularly useful in covert environments where traditional keyboard inputs may be impractical or risky.
  5. Web Scraping and Static File Analysis: Using over 50 search engines, Xanthorox scrapes the internet for up-to-date intelligence, bypassing the usual constraints of APIs. Additionally, its file analysis capabilities allow it to process formats like .c, .txt, and .pdf, extracting or summarizing content to aid attackers handling stolen data.

[Image: Voice-based interaction interface]

According to the SlashNext report, Xanthorox AI represents a dangerous escalation in the use of AI for cybercrime. By combining modular customization, offline functionality, and a wide array of capabilities, it underscores the growing sophistication of malicious AI tools.

For cybersecurity professionals, the emergence of Xanthorox AI highlights the urgent need to develop countermeasures capable of identifying and neutralizing such advanced systems.

As hackers gain access to increasingly autonomous and intelligent tools, the stakes for businesses, governments, and individuals rise exponentially.

Xanthorox AI is a stark reminder of the dual-edged nature of AI technology—and the critical importance of staying ahead in the cybersecurity arms race.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
