On July 13, researchers from cybersecurity firm SlashNext published a blog post revealing the discovery of WormGPT, a tool being promoted for sale on a hacker forum.

According to the forum user, the WormGPT project aims to be a blackhat “alternative” to ChatGPT, “one that lets you do all sorts of illegal stuff and easily sell it online in the future.”

Also: Scammers are using AI to impersonate your loved ones. Here’s what to watch out for

SlashNext gained access to the tool, described as an AI module based on the GPTJ language model. WormGPT has allegedly been trained with data sources including malware-related information — but the specific datasets remain known only to WormGPT’s author. 

It may be possible for WormGPT to generate malicious code, for example, or convincing phishing emails. 

WormGTP is described as “similar to ChatGPT but has no ethical boundaries or limitations.”

ChatGPT has a set of rules in place to try and stop users from abusing the chatbot unethically. This includes refusing to complete tasks related to criminality and malware. However, users are constantly finding ways to circumvent these limitations.

The researchers were able to use WormGPT to “generate an email intended to pressure an unsuspecting account manager into paying a fraudulent invoice.” The team was surprised at how well the language model managed the task, branding the result “remarkably persuasive [and] also strategically cunning.”

Also: Gmail will help you write your emails now: How to access Google’s new AI tool

While they didn’t say if they tried the malware-writing service, it is plausible that the AI bot could — given that ChatGPT’s limitations do not exist. 

According to a Telegram channel reportedly launched to promote the tool, posts viewed by ZDNET indicate the developer is creating a subscription model for access, ranging from $60 to $700. A channel member, “darkstux,” alleges that there are already over 1,500 users of WormGPT.

No. ChatGPT has been developed by OpenAI, a legitimate and respected organization. WormGMT is not their creation and is an example of how cybercriminals can take inspiration from advanced AI chatbots to develop their own malicious tools. 

Even in the hands of novices and your typical scammer, natural language models could turn basic, easily avoided phishing and BEC scams into sophisticated operations more likely to succeed. There’s no doubt that where money is to be made, cybercriminals will pursue the lead — and WormGPT is only the start of a new range of cybercriminals tools set to be traded in underground markets. 

Also: 6 skills you need to become an AI prompt engineer

It’s also unlikely that WormGPT is the only one out there. 

• Europol: Europol said in the 2023 report, “The impact of Large Language Models on Law Enforcement,” that “it will be crucial to monitor […] development, as dark LLMs (large language models) trained to facilitate harmful output may become a key criminal business model of the future. This poses a new challenge for law enforcement, whereby it will become easier than ever for malicious actors to perpetrate criminal activities with no necessary prior knowledge.”
• Federal Trade Commission: The FTC is investigating ChatGPT maker OpenAI over data usage policies and inaccuracy.
• UK National Crime Agency (NCA): The NCA warns that AI could prompt an explosion in risk to young people and abuse.
• UK Information Commission’s Office (ICO): The ICO has reminded organizations that their AI tools are still bound by existing data protection laws.

Not without covert tactics, but with the right prompts, many natural language models can be persuaded to particular actions and tasks. 

ChatGPT, for example, can draft professional emails, cover letters, resumes, purchase orders, and more. This alone can remove some of the most common indicators of a phishing email: spelling mistakes, grammar issues, and secondary language problems. In itself, this alone could cause a headache for businesses attempting to detect and train their staff to recognize suspicious messages.  

SlashNext researchers say, “cybercriminals can use such technology to automate the creation of highly convincing fake emails, personalized to the recipient, thus increasing the chances of success for the attack.”

Also: 7 advanced ChatGPT prompt-writing tips you need to know

For step-by-step instructions on using ChatGPT for legitimate purposes, check out ZDNET’s guide on how to start using ChatGPT. 

ChatGPT is free to use. The tool can be used to answer general queries, write content and code, or generate prompts for everything from creative stories to marketing projects.