Disclaimer: The information in this article is based on publicly available security research and threat intelligence reports. No illegal services were accessed or tested in the preparation of this piece.
January 2025 — While Silicon Valley debates AI ethics over lattes, a parallel universe of artificial intelligence is thriving in encrypted corners of the internet. These aren’t your corporate ChatGPTs with built-in moral compasses. These are raw, uncensored language models being sold for Bitcoin to the highest bidder.
The New Digital Arms Dealers
Picture this: A 19-year-old with zero coding experience logs into a Telegram channel, pays $200 in cryptocurrency, and within minutes has access to an AI that will write him ransomware code, craft perfect phishing emails in any language, or generate fake legal documents. This isn’t hypothetical — it’s happening right now through services like WormGPT and FraudGPT.
What makes these tools particularly insidious is their business model. Unlike traditional malware that required technical expertise to deploy, these AI services operate like Netflix subscriptions for cybercrime. Monthly fees range from $60 to $500, depending on features. Want voice cloning capabilities? That’s extra. Need it to bypass specific email filters? There’s a premium tier for that.
The sellers aren’t hiding in shadows anymore. They’re running customer support channels, offering tutorials, and even providing money-back guarantees if their AI doesn’t successfully breach your target’s defenses within 30 days.
How Criminals Are Building Their Own Language Models
Here’s where things get technically fascinating and deeply disturbing. These aren’t just jailbroken versions of legitimate models — increasingly, criminal organizations are training their own AI from scratch.
Take DarkBERT as an example. While technically developed for defensive research, it represents something unprecedented: an AI trained exclusively on dark web data. It understands the coded language of drug dealers, recognizes cryptocurrency scam patterns, and can interpret the euphemisms used in human trafficking forums. When tested against standard language models, DarkBERT identified illicit content with 15% higher accuracy simply because it “speaks the language” of the underground.
The training process itself reads like a cyberpunk novel. Criminal syndicates are scraping terabytes of data from encrypted forums, stolen corporate emails, leaked government documents, and successful phishing campaigns. They’re feeding this toxic dataset into open-source AI frameworks, creating models that think like criminals because they’ve learned from criminals.
One underground forum recently advertised a position for “AI training specialists” offering $10,000 per month in Monero cryptocurrency. The job description? Curating datasets of successful social engineering attacks and training models to replicate them at scale.
The Capabilities That Should Terrify You
Modern criminal AI goes far beyond generating convincing Nigerian prince emails. Here’s what’s currently available on underground markets:
Voice Synthesis Fraud Systems: These models can clone anyone’s voice from a 30-second sample, then generate real-time conversations. One documented case involved criminals using such a system to impersonate a CEO during a video call, successfully authorizing a $35 million transfer.
Automated Vulnerability Discovery: These AIs scan millions of lines of code, identifying zero-day exploits faster than human researchers. They’re then packaging these discoveries into turnkey exploitation kits.
Psychological Manipulation Engines: By analyzing social media profiles, these models craft personalized manipulation campaigns. They know whether to appeal to your ego, your fears, or your compassion based on your posting history.
Document and Evidence Forgery: Need a fake medical report, court document, or academic transcript? These models can generate them complete with appropriate terminology, formatting, and even realistic typos.
The Economics of AI Crime
The financial ecosystem around criminal AI is sophisticated and growing. Conservative estimates suggest the dark web AI market exceeded $400 million in 2024. Here’s the breakdown:
Licensing Fees: $60-$500/month per user for basic access
Custom Training: $50,000-$200,000 for bespoke models
Per-Attack Pricing: $10-$100 per successful phishing email generated
Enterprise Packages: $10,000+/month for criminal organizations
Payment happens through cryptocurrency tumblers, making transactions nearly impossible to trace. Some services now accept payment in computational power — users can “mine” access by contributing their GPUs to train the next generation of criminal models.
Why Defense Is Failing
Traditional cybersecurity approaches are woefully unprepared for AI-powered attacks. Email filters trained on yesterday’s phishing attempts can’t recognize AI-generated content that’s never been seen before. Each message is unique, personalized, and constantly evolving.
Security researchers are playing catch-up with tools like DarkBERT for defense, but they’re constrained by ethics and legality. Criminal developers have no such limitations. They’re experimenting with techniques that would never pass an institutional review board:
Training models on actual victim responses to refine manipulation tactics
Using stolen therapy session transcripts to improve psychological targeting
Incorporating real-time feedback loops where successful attacks immediately update the model
The Next Evolution
If current trends continue, here’s what’s coming:
Autonomous Attack Networks: AI models that independently identify targets, craft attacks, execute them, and launder the proceeds without human intervention.
Deepfake Convergence: Integration of text, voice, and video generation into unified impersonation systems indistinguishable from reality.
Cross-Language Crime: Models that can operate seamlessly across languages and cultures, enabling Nigerian scammers to perfectly impersonate Japanese businessmen or Mexican cartels to negotiate with Russian hackers.
AI vs AI Warfare: Criminal models designed specifically to attack and corrupt legitimate AI systems, poisoning datasets and manipulating outputs.
What Happens Now?
The genie is out of the bottle. Open-source AI democratized artificial intelligence, but it also democratized AI crime. Every breakthrough in legitimate AI research gets weaponized within months, sometimes weeks.
Law enforcement is overwhelmed. Most cybercrime units lack the expertise to even understand these threats, let alone combat them. By the time legislation catches up, criminals will be three generations ahead.
The most chilling aspect? We’re only seeing the tip of the iceberg. For every WormGPT that gets publicity, dozens operate in complete darkness. The real innovation is happening in criminal laboratories we don’t even know exist.
Your grandmother getting scammed by a fake tech support call? That’s yesterday’s crime. Tomorrow’s version will feature an AI that sounds exactly like you, knows your family history, and can maintain a convincing conversation for hours.
The Uncomfortable Truth
Here’s what nobody wants to admit: criminal AI might actually be advancing faster than legitimate AI in certain domains. When you remove all ethical constraints, ignore safety protocols, and have unlimited access to illegal training data, you can build models that do things Silicon Valley wouldn’t dream of.
These aren’t bedroom hackers anymore. They’re organized, funded, and innovative. They’re hiring PhD researchers, offering competitive salaries, and building infrastructure that rivals tech giants. The only difference? Their IPO involves ransoming hospitals, not ringing the bell on Wall Street.
The age of AI crime isn’t coming. It’s here. And it’s more sophisticated, accessible, and dangerous than most people realize. While we debate whether AI should be allowed to say controversial things, criminals are building AI that can destroy lives with surgical precision.
The question isn’t whether criminal AI will become a major threat. It’s whether we’ll acknowledge the threat before it’s too late to mount any meaningful defense.
References
Dark AI tools: How profitable are they on the dark web? — Outpost24. (Updated 04 July 2025). Covers WormGPT, FraudGPT, DarkBERT, pricing, underground marketing through Telegram/forums. Outpost24
Link: https://outpost24.com/blog/dark-ai-tools/ Outpost24Impact of Artificial Intelligence on Criminal and Illicit Activities — U.S. Department of Homeland Security. (October 2024). Discusses how criminals use AI (deepfake, manipulation, fraud, illicit content) etc. U.S. Department of Homeland Security
Link: https://www.dhs.gov/sites/default/files/2024-10/24_0927_ia_aep-impact-ai-on-criminal-and-illicit-activities.pdf U.S. Department of Homeland SecurityInside the Rise of ‘Dark’ AI Tools — Scary, But Effective? — BankInfoSecurity, by Mathew J. Schwartz. (August 2023). On WormGPT, dark LLMs used for phishing, etc. BankInfoSecurity
Link: https://www.bankinfosecurity.com/blogs/inside-rise-dark-ai-tools-scary-but-effective-p-3496 BankInfoSecurityThe Dark Side of Generative AI: Five Malicious LLMs Found on the Dark Web — Infosecurity (Kevin Poireault). (August 2023). Details tools like WormGPT, FraudGPT, how they are used, what features they have. infosecurityeurope.com
Link: https://www.infosecurityeurope.com/en-gb/blog/threat-vectors/generative-ai-dark-web-bots.html infosecurityeurope.comThe Rise of AI-Enabled Crime: Exploring the evolution, risks and responses to AI-powered criminal enterprises — TRM Labs. (January 2025). Broader context of how AI aids crime, threats, and responses. TRM Labs
Link: https://www.trmlabs.com/resources/blog/the-rise-of-ai-enabled-crime-exploring-the-evolution-risks-and-responses-to-ai-powered-criminal-enterprises TRM LabsUse of LLMs for Illicit Purposes: Threats, Prevention Measures, and Vulnerabilities — Mozes, He, Kleinberg, Griffin et al. (August 2023). Academic overview of how LLMs are misused (fraud, impersonation, malware), what vulnerabilities exist. arXiv
Link: https://arxiv.org/abs/2308.12833 arXivHomeland Threat Assessment 2025 — U.S. Department of Homeland Security. (September 2024). Mentions concerns about threat actors using advances in AI/ML, etc. U.S. Department of Homeland Security
Link: https://www.dhs.gov/sites/default/files/2024-10/24_0930_ia_24-320-ia-publication-2025-hta-final-30sep24-508.pdf U.S. Department of Homeland SecurityAI Scams Exposed: 13 Tools Driving Scaled Fraud Now — Sardine. (August 2025). Talks about subscription-fraud-as-a-service, phishing, identity spoofing etc. Sardine
Link: https://www.sardine.ai/blog/ai-scams Sardine



