Trend Micro warns of Darknet AI 'Xanthorox'
AI writes Malware at the Touch of a Button
The AI tool 'Xanthorox' is supposed to generate malicious code automatically and is advertised in criminal forums. According to Trend Micro, it is less powerful than claimed, but shows how easily attackers can use generative AI for cyberattacks.
The security specialist Trend Micro has published an analysis of 'Xanthorox', an AI tool offered on the darknet that is marketed as "guardrails-free AI". The investigation shows that although Xanthorox is less powerful than advertised, it still poses a risk: It can automate the creation of malicious code and thus lower the barriers to entry for cybercrime.
According to Trend Micro, Xanthorox generates functional malicious code and detailed instructions that would be blocked by reputable AI services. However, the system has neither Internet nor darknet access and is therefore less suitable for reconnaissance or vulnerability research. It is presumably based on a "jailbroken" (unauthorized removal of usage restrictions) commercial language model, even though the developers present it as independent and privately hosted. Its focus appears to be on bypassing security and ethics filters rather than improving technical performance.
"Disguised behind a playful facade and available for as little as $300 per month, Xanthorox lets users generate working malware, ransomware code and obfuscation scripts," said David Sancho, Senior Threat Researcher at Trend Micro. "These are tasks that would traditionally require a higher level of technical expertise. Despite its developer's claims that it was designed for ethical hacking, the tool is openly advertised in criminal communities, while documentation is available through public channels such as GitHub and YouTube."
Trend Micro warns that malicious AI systems are evolving and could have stronger anonymity and privacy features in the future.
"Tools like Xanthorox reflect the next phase of AI abuse," says Vincenzo Ciancaglini, Senior Threat Researcher at Trend Micro. "They do not replace experienced attackers, but they lower the barrier to entry for less experienced perpetrators and thus increase the threat volume." According to Ciancaglini, companies should expand their AI strategies to include clear controls for the use and monitoring of generative systems.
The full report can be found here: Trend Micro Report on Xanthorox
You might also be interested in
Authorities, industry and IT targeted by cyber criminals
Authorities, industry and IT were most frequently targeted by cyber criminals in 2025. Authorities remained the main target of cyber attacks, as the latest report and situation report "Anatomy of a Cyber World: Global Report by Kaspersky Security...
read more...Post-quantum cryptography: time window is running out
Companies are facing a strategic dilemma: quantum computers will soon be able to crack today's encryption, while many organizations will need years to switch to new security standards. A recent survey shows: The window of opportunity is narrowing,...
read more...Shutdown after only 20 Hours
German companies believe they are inadequately prepared for hybrid threats. According to a Bitkom survey, they would only be able to continue working for an average of 20 hours in the event of an internet outage. 83% of respondents expect a serious...
read more...Global Incident Response Report 2026
AI accelerates Cyber Attacks
The "Global Incident Response Report 2026" by the Unit 42 team at Palo Alto Networks analyzes over 750 serious security incidents in more than 50 countries. The evaluation shows faster, more complex attacks, increasing use of AI and growing risks in...
read more...Three new OT Attacker Groups identified
The new OT/ICS report from Dragos documents a growing number of specialized attacker groups and a significant increase in ransomware activity in industrial environments. Three new OT groups have been identified.
read more...16 % more Cyber Attacks in Germany in January
As Check Point's Monthly Cyber Threat Report shows, there were 16 percent more cyber attacks in Germany in January. In Europe, the volume of attacks rose by 18 percent to 1755 weekly attacks per company. In Austria, they rose by 14 percent to 1676,...
read more...Edge Security for Industrial Plants
Advantech uses AI EdgeLabs for Runtime Security
Advantech integrates the AI EdgeLabs platform to implement security and governance functions directly into edge and industrial platforms. The aim is to comply with European cybersecurity regulations such as CRA and NIS2.
read more...Criminals use AI Systematically
Trend Micro warns in a new study of the increasing professionalization of AI-supported cybercrime. Deepfakes, fraud and malware are gaining in importance.
read more...These Groups shaped the Malware Landscape in 2025
The "Nastiest Malware Report 2025" from OpenText names the most dangerous players of the year. AI, social engineering and identity theft are shaping a new wave of targeted attacks - from ransomware to data theft.
read more...