Practical guides to protect yourself, your family, and your business from AI-driven scams, deepfakes, and emerging cyber threats.
Popular articles
The democratization of capability
For decades, writing functional malware required real programming skill. The bar to write a credential stealer, an obfuscated dropper, or a working phishing kit kept most would-be criminals out. That bar has now collapsed.
Tools marketed under names like WormGPT, FraudGPT, and EvilGPT began appearing on dark web forums in 2023. They are unaligned LLMs — either open-source models fine-tuned to remove safety guardrails, or stolen API access to commercial models with system prompts that bypass refusals. The going rate is roughly $60 to $200 per month.
What they produce, for a non-technical user, is genuinely concerning.
What these tools can actually do
From observed forum activity and security research:
- Generate working phishing emails tailored to a target industry, with HTML landing pages that mimic real services.
- Produce credential stealer code in Python or PowerShell, including evasion techniques.
- Write convincing business email compromise scripts for multi-stage social engineering.
- Help non-coders chain together existing exploits and proof-of-concept code.
What they cannot reliably do — yet — is develop novel zero-day exploits or evade well-tuned EDR. The frontier of attack capability still requires skilled humans. But the volume of mid-tier attacks has gone up because the population of capable attackers has gone up.
Why this matters for defenders
Three implications for security teams:
- Expect more phishing, of higher quality, at all hours. The attacker no longer needs to be awake or on your timezone.
- Commodity malware will spike. Mostly defended against by EDR and email security — but coverage gaps will get exploited faster.
- Your weakest link is your slowest patcher. AI lets attackers exploit known CVEs at scale within hours of disclosure.
The defensive playbook
Nothing in the defender stack is genuinely new — but the urgency is. Prioritize:
- Mandatory MFA on all accounts, no exceptions.
- EDR with behavioral detection, not just signatures.
- Email gateways with attachment sandboxing.
- Aggressive patching cadence for any internet-facing service.
- Security awareness training updated for AI-generated lures.
One more thing
If your organization develops or fine-tunes its own AI models, audit who has access and whether your safety filters can be circumvented internally. The next WormGPT will be built from a leaked enterprise model. Make sure it is not yours.
