It pays to keep an ear on the underground chatter about exploiting generative AI and other emergent threats.
Last year, analysts at Kaspersky discovered nearly 3,000 posts on the Dark Web discussing the use of ChatGPT and other AI-based tools to perpetrate cyberattacks, scams and other malicious campaigns. Even though chatter peaked in March 2023, discussions persist.
Since then, one more threat for individual users and enterprises alike is the market for accounts for the paid version of ChatGPT. In addition to the earlier 3,000 posts, another few thousand messages across the web and shadow Telegram channels have included advertisements for ChatGPT accounts.
These posts either distribute stolen accounts or promote auto-registration services that mass-create accounts on request. Notably, certain posts were published repeatedly across multiple dark web channels.
According to Alisa Kulishenko, a ‘digital footprint analyst’ at the firm: “Topics frequently include the development of malware and other types of illicit use of language models, such as processing of stolen user data, parsing files from infected devices, and beyond. The popularity of AI tools has led to the integration of automated responses from ChatGPT or its equivalents into some cybercriminal forums. In addition, threat actors tend to share jailbreaks — special sets of prompts that can unlock additional functionality — and devise ways to exploit legitimate tools, such as those for pentesting, based on models for malicious purposes.”
Apart from the chatter around chatbots and generative AI, considerable attention is being given to projects like XXXGPT, FraudGPT, and others. These language models are marketed on the Dark Web as alternatives to ChatGPT that boast additional functionality and none of the original's limitations.
AI is as dangerous as we make it
While AI tools themselves are not inherently dangerous, cybercriminals are trying to come up with efficient ways of using language models, thereby fueling a trend of lowering the entry barrier into cybercrime and, in some cases, potentially increasing the number of cyberattacks.
In 2024, the automated nature of cyberattacks will mean more attention needs to be paid to automated defenses. “Staying informed about attackers’ activities is crucial to being ahead of (the cybercriminals) in terms of corporate cybersecurity”, Kulishenko added.
Some tips for gathering cyber intelligence on cybercriminal activity in the shadow segment of the internet, and for staying safe, include:
- Use threat intelligence services to explore adversaries’ resources and potential attack vectors available to them. This also helps raise awareness about existing threats from cybercriminals in order to adjust your corporate defenses accordingly, or to take counter and elimination measures preemptively.
- Choose a reliable endpoint security solution that is equipped with behavior-based detection and anomaly control capabilities.
- Employ dedicated managed detection and response services to be ready for high-profile attacks. This can help identify and stop intrusions in their early stages, before the perpetrators can achieve their goals.
- Have an incident response service ready at all times so that, in the event of a cyberattack, you can respond quickly (identify compromised nodes), minimize the consequences promptly, and even protect the infrastructure from similar attacks in the future.