Dark LLMs Aid Petty Criminals, Underwhelm Technically

‘Dark LLMs’ Aid Petty Criminals, But Underwhelm Technically

As in the wider world, AI is not quite living up to the hype in the cyber underground. But it’s definitely helping low-level cybercriminals do competent work. On Nov. 30, 2022, developers released a chatbot capable of writing code and phishing emails, sparking fears of AI-driven cyberattacks.

Why This Matters

Despite predictions of AI-driven cyberapocalypses, dark LLMs like WormGPT 4 and KawaiiGPT remain technically limited. They generate rudimentary malware and phishing content but lack the innovation to bypass existing defenses. Researchers note that 80% of dark-LLM-generated malware is based on known samples, leaving existing detection tools effective. The cost of failure—such as undetected attacks—is low for hackers but high for organizations relying on outdated threat models.

Key Insights

• “WormGPT 4’s ransom note generator, 2023”: Produces grammatically correct but unoriginal ransom messages.
• “KawaiiGPT’s lateral movement on Linux”: Demonstrates basic, not advanced, attack capabilities.
• “Unit 42’s 2025 analysis”: Highlights lack of novel malware techniques from dark LLMs.

Practical Applications

• Use Case: Low-level hackers using KawaiiGPT for phishing campaigns.
• Pitfall: Overreliance on LLMs leads to detectable, non-novel malware.

References:

• https://www.darkreading.com/threat-intelligence/dark-llms-petty-criminals
• https://unit42.paloaltonetworks.com/blog/dark-llms-analysis-2025