Malicious AI Arrives on the Dark Web

It’s early days, so it’s too soon to know how effective WormGPT and FraudGPT actually are. The specific datasets and algorithms they are trained on are unknown. The GPT-J and GPT-3 models they are based on were released in 2021, which is relatively old technology compared with more advanced models like OpenAI’s GPT-4. And just as in the legitimate world, these AI tools could be overhyped. As anyone who has played around with ChatGPT, Google’s Bard or one of the other AI tools on the market knows, AI might promise the world, but it is still limited in what it can actually do. It’s also entirely possible that the malicious AI bots for sale are scams in themselves, designed to defraud other cybercriminals. Cybercriminals are, after all, criminals.

Yet it’s safe to say that these tools are just the beginning of a new wave of AI-powered cybercrime.

Despite its limitations, AI offers enormous opportunities for nefarious actors to enhance their malicious activity and expand their operations. For example, AI can craft convincing phishing emails by mimicking authentic language and communication patterns, deceiving even savvy users and leading to more people unwittingly clicking on malicious links. AI can quickly scrape the internet for personal details about a target to develop a tailored scam or carry out identity theft. AI can also assist in rapidly developing and deploying malware, including pinpointing vulnerabilities in software before they can be patched. It can be used to generate or refine malicious code, lowering the technical barriers for cybercriminals.

AI technology is also getting smarter—fast.

There are already two new malicious AI tools in the works that represent a giant leap beyond WormGPT’s and FraudGPT’s capabilities. The creator of FraudGPT is apparently developing DarkBART—a dark web version of Google’s Bard AI—and DarkBERT, a bot trained on data from the dark web. Both tools will have internet access and be integrated with Google Lens. Interestingly, DarkBERT was originally developed by researchers to help fight cybercrime.

The widespread adoption of AI by nefarious actors and the technology’s rapid advancement will only continue to elevate the scale and sophistication of malicious cyber threats. AI-powered cybercrime will demand an even more proactive approach to cybersecurity to counter the dynamic and evolving tactics employed by malicious actors. Fortunately, AI also offers opportunities to enhance cybersecurity—and the principles of good cyber hygiene and awareness training remain relevant as the first line of defense against cybercriminals. But individuals, organizations and the government will still need to get ready for an explosion of AI-powered cybercrime.

Mercedes Page is a senior fellow at ASPI. This article is published courtesy of the Australian Strategic Policy Institute (ASPI).