AI-Powered Hacking Tools Proliferate Across Platforms, Enabling Autonomous Attack Orchestration in East Asia

Answer Brief

Since WormGPT emerged in June 2023, AI-driven hacking tools have spread via dark web, Telegram, GitHub, and Hugging Face, evolving into a hybrid market of paid SaaS and free open-source distribution. These tools automate phishing, malware development, reconnaissance, brute-forcing, vulnerability exploitation, and social engineering, lowering entry barriers while enabling autonomous attack orchestration, as seen in the Bissa Scanner case exploiting CVE-2025-55182 to compromise over 900 systems and steal 65,000+ credential files, including those linked to Anthropic, OpenAI, Google, AWS, Stripe, and PayPal.

Signal Timeline

  1. WormGPT emerges
  2. The DFIR Report publishes Bissa Scanner case
  3. Google GTIG releases report on AI-native malware and PRC/DPRK threat actor use of AI

Why It Matters

The ASEC report details a significant evolution in the cyber threat landscape since the emergence of WormGPT in June 2023, marking the beginning of a widespread proliferation of AI-powered hacking tools across multiple distribution channels. These tools are no longer confined to dark web forums but have expanded to mainstream platforms like Telegram, GitHub, and Hugging Face, reflecting a maturing underground ecosystem that blends commercial SaaS models with free, open-source distribution. This dual-market structure lowers the technical and financial barriers for threat actors while enabling rapid innovation and adaptation.

The core capabilities of these AI tools have fragmented into specialized functions: automating phishing campaigns, generating malware, conducting reconnaissance, executing brute-force attacks, exploiting vulnerabilities, and enhancing social engineering tactics. Notable tools cited include WormGPT, FraudGPT, EvilGPT, KawaiiGPT, Xanthorox, HexStrike AI, and BruteForce AI, many of which are not standalone models but rather wrappers or jailbroken versions of commercial AI APIs like Mistral and Grok, or based on uncensored open-source models hosted on Hugging Face. The leak of the WormGPT user database, exposing approximately 19,000 emails, payment details, and subscription records, underscores the real-world impact and scale of adoption within the threat actor community.

Technical Signal

A critical development highlighted in the report is the shift toward autonomous attack orchestration, exemplified by the Bissa Scanner case disclosed by The DFIR Report in April 2026. In this incident, threat actors leveraged Claude Code and OpenClaw to coordinate a large-scale attack exploiting CVE-2025-55182 in Next.js, scanning millions of targets and compromising over 900 systems. The attack resulted in the theft of more than 65,000 credential files, including sensitive authentication data linked to Anthropic, OpenAI, Google, AWS, Stripe, and PayPal—demonstrating how AI-enabled tools can amplify the speed, scale, and precision of offensive operations.

Further evidence of AI’s offensive integration comes from Google’s GTIG May 2026 report, which identified AI-native malware such as Promptflux, Honestcue, Canfail–Longstream, and Promptspy. Promptflux abuses the Gemini API to rewrite its own code dynamically, Honestcue uses real-time VBScript obfuscation, and Promptspy functions as an Android backdoor that uses the Gemini API to analyze UI structures and simulate user interactions like clicks and swipes, and that includes anti-deletion mechanisms. These examples illustrate how AI is being embedded directly into malware to enable adaptive, evasive, and autonomous behavior.

Operational Impact

The report also confirms state-linked adoption of AI in cyber operations. Google GTIG assessed with high confidence that a PRC-linked threat actor utilized AI in conjunction with the wooyun-legacy project for zero-day exploit development. Meanwhile, DPRK-linked APT45 automated CVE analysis and proof-of-concept validation through repetitive prompting, and APT27 used Gemini to accelerate the development of Operational Relay Box (ORB) network management applications. These cases indicate that nation-state actors are not only using AI for efficiency gains but are integrating it into core offensive infrastructure and workflows.

The central risk identified is the growing asymmetry between offense and defense: attackers are increasingly using AI to automate and accelerate attack chains, while defenders often remain reliant on static, rule-based defenses. This imbalance creates a velocity and cost disadvantage for defenders, necessitating a shift toward AI-driven active defense, enhanced multi-factor authentication, rigorous AI model governance, and comprehensive reviews of AI supply chains and infrastructure security. The report concludes that the true danger lies not in the sophistication of individual AI models, but in the uncontrolled diffusion of AI capabilities across the threat landscape—a structural challenge requiring coordinated, adaptive responses.

What To Watch

For East Asia-focused monitoring teams, this report provides actionable regional situational awareness. Organizations with operations, subsidiaries, suppliers, or partners in the region should verify whether their telemetry shows similar patterns: help-desk tickets referencing AI-generated phishing, endpoint detections of uncensored model usage, mail gateway blocks on jailbreak-prompted content, or identity anomalies tied to credential theft from major cloud and financial platforms. Specific logs to review include command-line activity involving Ollama or Termux, scheduled tasks linked to automated reconnaissance, and script execution resembling UI automation behaviors described in Promptspy.
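A starting point for the command-line review suggested above, as an added example rather than code from the ASEC report or this page: it flags Ollama invocations in process-creation events and raises the severity when the model name matches the uncensored families this page names (WhiteRabbitNeo, Llama 2 Uncensored, Dolphin). The event fields, the sample events and the exact model-tag spellings are constructed assumptions to be tuned to local telemetry.

```python
import re

# Name fragments for the model families this page names; exact tag
# spellings are assumptions, so matching is case-insensitive substring.
UNCENSORED_HINTS = ("whiterabbitneo", "uncensored", "dolphin")
MODEL_VERBS = {"run", "pull", "create"}  # Ollama subcommands that take a model name
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|\S+')  # keeps quoted arguments together

# Constructed process-creation events, shaped like EDR or Sysmon exports.
SAMPLE_EVENTS = [
    {"host": "ws-014", "user": "jlee", "cmd": "ollama pull llama2-uncensored"},
    {"host": "ws-014", "user": "jlee", "cmd": "ollama run dolphin-mistral 'hello'"},
    {"host": "ml-gpu-2", "user": "svc-ml", "cmd": "/usr/local/bin/ollama serve"},
    {"host": "ws-022", "user": "akim", "cmd": "ollama run llama3 'summarise this'"},
    {"host": "ws-031", "user": "mpark", "cmd": 'C:\\Tools\\ollama.exe run "WhiteRabbitNeo-13B"'},
    {"host": "ws-009", "user": "tchoi", "cmd": "grep -r ollama /var/log"},
]

def classify(event):
    """Return a finding dict for an Ollama invocation, or None otherwise."""
    tokens = [t.strip("\"'") for t in TOKEN.findall(event["cmd"])]
    if len(tokens) < 2:
        return None
    # Compare the executable's base name so full paths and .exe both match.
    binary = re.sub(r"\.exe$", "", re.split(r"[\\/]", tokens[0])[-1].lower())
    if binary != "ollama":
        return None
    verb = tokens[1].lower()
    if verb == "serve":  # a local model runtime is present on this host
        return {**event, "verb": verb, "model": None, "severity": "review"}
    if verb not in MODEL_VERBS:
        return None
    # The model is the first argument after the verb that is not a flag.
    model = next((t for t in tokens[2:] if not t.startswith("-")), None)
    hit = model is not None and any(h in model.lower() for h in UNCENSORED_HINTS)
    return {**event, "verb": verb, "model": model,
            "severity": "high" if hit else "review"}

def hunt(events):
    """Classify every event and keep only the findings."""
    return [f for f in map(classify, events) if f]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f['severity']:6} {f['host']:9} {f['user']:7} {f['verb']:6} {f['model']}")
```

A "review" result only records that a local model runtime is in use; whether that is sanctioned depends on the organization's own AI usage policy and asset inventory.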

The report’s value lies in its granularity about tooling and tactics rather than broad attribution claims. Teams should avoid overinterpreting the PRC- and DPRK-linked references as evidence of coordinated campaigns; instead, treat them as indicators of individual actor groups adopting AI for specific workflow acceleration. Monitoring should focus on whether observed behaviors match the described functions—such as automated vulnerability scanning via OpenClaw or credential harvesting via Gemini API abuse—rather than assuming state direction.

For technology, finance, cloud infrastructure, and cybersecurity sectors, the priority is not incident response but proactive validation: confirm asset exposure to East Asia threat actors, map detection coverage for the cited techniques (e.g., jailbreak prompts, uncensored model execution, AI-driven orchestration), and assess whether current defenses can detect adaptive malware like Promptflux or Promptspy. If gaps exist, consider adding the report to a regional watchlist for tuning detection rules or updating threat intelligence feeds with the cited IOCs (e.g., CVE-2025-55182 exploitation patterns, known jailbreak prompt structures, uncensored model hashes).

The structural challenge of uncontrolled AI capability diffusion means that defensive investments must prioritize adaptability over static controls. Teams should evaluate whether their AI governance frameworks cover model provenance and usage monitoring, whether MFA enforcement extends to service accounts and API keys, and whether supply chain reviews include scrutiny of AI infrastructure components. The goal is not to match attacker innovation but to reduce the defender’s reaction latency through better observability and faster containment.

Finally, the report underscores that regional signals like this one gain significance through repetition. If similar AI-powered tool usage, attack orchestration patterns, or malware behaviors appear in subsequent East Asia sources over the next 3–6 months, the signal strengthens and warrants deeper investigation. Until then, treat this as a high-fidelity indicator of evolving TTPs in the region, useful for refining detection logic and validating control effectiveness against observed adversary behaviors.

Event Type: security
Importance: high

Affected Companies

  • AWS
  • Anthropic
  • Google
  • OpenAI
  • PayPal
  • Stripe

Affected Sectors

  • cloud infrastructure
  • cybersecurity
  • finance
  • technology

Key Numbers

  • Compromised systems in Bissa Scanner case: 900+
  • Credential files stolen in Bissa Scanner case: 65,000+
  • Users exposed in WormGPT user database leak: 19,000

Frequently Asked Questions

What are the main functions of AI-powered hacking tools as described in the ASEC report?

The main functions include phishing automation, malware development, reconnaissance, brute-forcing, vulnerability exploitation, and social engineering, which have become specialized and distributed across dark web, Telegram, GitHub, and Hugging Face platforms.

How did threat actors use AI in the Bissa Scanner attack exploiting CVE-2025-55182?

Threat actors used Claude Code and OpenClaw as attack orchestration tools to automate the exploitation of CVE-2025-55182 in Next.js, enabling mass scanning of millions of targets, resulting in over 900 breaches and the theft of 65,000+ credential files, including those from major tech and financial firms.

What is the significance of uncensored AI models in the proliferation of AI hacking tools?

Uncensored models from Hugging Face, such as WhiteRabbitNeo, Llama 2 Uncensored, and the Dolphin series, can be run locally via frameworks like Ollama, reducing cost and traceability, thereby lowering the barrier to entry for malicious actors seeking to deploy AI-powered attack tools without relying on monitored APIs.
