Cybersecurity

Underground AI tools marketed for hacking raise alarms among cybersecurity experts

Cybersecurity researchers say cybercriminals are turning to a growing underground market of customised large language models designed to support low-level hacking tasks.

A new report from Palo Alto Networks’ Unit 42 describes how dark web forums promote jailbroken, open-source and bespoke AI models as hacking assistants or dual-use penetration testing tools, often sold via monthly or annual subscriptions.

Some appear to be repurposed commercial models trained on malware datasets and maintained by active online communities.

These models help users scan for vulnerabilities, write scripts, encrypt or exfiltrate data and generate exploit or phishing code, tasks that can support both attackers and defenders.

Unit 42’s Andy Piazza compared them to earlier dual-use tools, such as Metasploit and Cobalt Strike, which were developed for security testing but are now widely abused by criminal groups. He warned that AI now plays a similar role, lowering the expertise needed to launch attacks.

One example is a new version of WormGPT, a jailbroken LLM that resurfaced on underground forums in September after first appearing in 2023.

The updated ‘WormGPT 4’ is marketed as an unrestricted hacking assistant, with lifetime access reportedly starting at around $220 and an option to buy the complete source code. Researchers say it signals a shift from simple jailbreaks to commercialised, specialised tools that train AI for cybercrime.

Another model, KawaiiGPT, is available for free on GitHub and brands itself as a playful ‘cyber pentesting’ companion while generating malicious content.

Unit 42 calls it an entry-level but effective malicious LLM, with a casual, friendly style that masks its purpose. Around 500 contributors support and update the project, making it easier for non-experts to use.

Piazza noted that internal tests suggest much of the malware generated by these tools remains detectable and less advanced than code seen in some recent AI-assisted campaigns. The wider concern, he said, is that such models make hacking more accessible by translating technical knowledge into simple prompts.

Users no longer need to know jargon like ‘lateral movement’ and can instead ask everyday questions, such as how to find other systems on a network, and receive ready-made scripts.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Family warns others after crypto scam costs elderly man £3,000

A South Tyneside family has spoken publicly after an elderly man lost almost £3,000 to a highly persuasive cryptocurrency scam, according to a recent BBC report. The scammer contacted the victim repeatedly over several weeks, initially offering help with online banking before shifting to an ‘investment opportunity’.

According to the family, the caller built trust by using personal details, even fabricating a story about ‘free Bitcoin’ awarded to the man years earlier.

Police said the scam fits a growing trend of crypto-related fraud. The victim, under the scammer’s guidance, opened multiple new bank accounts and was eventually directed to transfer nearly £3,000 into a Coinbase-linked crypto wallet.

Attempts by the family to recover the funds were unsuccessful. Coinbase said it advises users to research any investment carefully and provides guidance on recognising scams.

Northumbria Police and national fraud agencies have been alerted. Officers said crypto scams present particular challenges because, unlike traditional banking fraud, the transferred funds are far harder to trace.

Community groups in Sunderland, such as Pallion Action Group, are now running sessions to educate older residents about online threats, noting that rapid changes in technology can make such scams especially daunting for pensioners.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Online platforms face new EU duties on child protection

The EU member states have endorsed a position for new rules to counter child sexual abuse online. The plan introduces duties for digital services to prevent the spread of abusive material. It also creates an EU Centre to coordinate enforcement and support national authorities.

Service providers must assess how their platforms could be misused and apply mitigation measures. These may include reporting tools, stronger privacy defaults for minors, and controls over shared content. National authorities will review these steps and can order additional action where needed.

A three-tier risk system will categorise services as high, medium, or low risk. High-risk platforms may be required to help develop protective technologies. Providers that fail to comply with obligations could face financial penalties under the regulation.

Victims will be able to request the removal or disabling of abusive material depicting them. The EU Centre will verify provider responses and maintain a database to manage reports. It will also share relevant information with Europol and law enforcement bodies.

The Council supports extending voluntary scanning for abusive content beyond its current expiry. Negotiations with the European Parliament will now begin on the final text. The Parliament adopted its position in 2023 and will help decide the Centre’s location.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Virginia sets new limits on AI chatbots for minors

Lawmakers in Virginia are preparing fresh efforts to regulate AI as concerns grow over its influence on minors and vulnerable users.

Legislators will return in January with a set of proposals focused on limiting the capabilities of chatbots, curbing deepfakes and restricting automated ticket-buying systems. The push follows a series of failed attempts last year to define high-risk AI systems and expand protections for consumers.

Delegate Michelle Maldonado aims to introduce measures that restrict what conversational agents can say in therapeutic interactions instead of allowing them to mimic emotional support.

Her plans follow the well-publicised case of a sixteen-year-old who discussed suicidal thoughts with a chatbot before taking his own life. She argues that young people rely heavily on these tools and need stronger safeguards that recognise dangerous language and redirect users towards human help.

Maldonado will also revive a previous bill on high-risk AI, refining it to address particular sectors rather than broad categories.

Delegate Cliff Hayes is preparing legislation to require labels for synthetic media and to block AI systems from buying event tickets in bulk instead of letting automated tools distort prices.

Hayes already secured a law preventing predictions from AI tools from being the sole basis for criminal justice decisions. He warns that the technology has advanced too quickly for policy to remain passive and urges a balance between innovation and protection.

Proposals that come as the state continues to evaluate its regulatory environment under an executive order issued by Governor Glenn Youngkin.

The order directs AI systems to scan the state code for unnecessary or conflicting rules, encouraging streamlined governance instead of strict statutory frameworks. Observers argue that human oversight remains essential as legislators search for common ground on how far to extend regulatory control.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Australia strengthens parent support for new social media age rules

Yesterday, Australia entered a new phase of its online safety framework after the introduction of the Social Media Minimum Age policy.

eSafety has established a new Parent Advisory Group to support families as the country transitions to enhanced safeguards for young people. The group held its first meeting, with the Commissioner underlining the need for practical and accessible guidance for carers.

The initiative brings together twelve organisations representing a broad cross-section of communities in Australia, including First Nations families, culturally diverse groups, parents of children with disability and households in regional areas.

Their role is to help eSafety refine its approach, so parents can navigate social platforms with greater confidence, rather than feeling unsupported during rapid regulatory change.

A group that will advise on parent engagement, offer evidence-informed insights and test updated resources such as the redeveloped Online Safety Parent Guide.

Their advice will aim to ensure materials remain relevant, inclusive and able to reach priority communities that often miss out on official communications.

Members will serve voluntarily until June 2026 and will work with eSafety to improve distribution networks and strengthen the national conversation on digital literacy. Their collective expertise is expected to shape guidance that reflects real family experiences instead of abstract policy expectations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Character AI blocks teen chat and introduces new interactive Stories feature

A new feature called ‘Stories’ from Character.AI allows users under 18 to create interactive fiction with their favourite characters. The move replaces open-ended chatbot access, which has been entirely restricted for minors amid concerns over mental health risks.

Open-ended AI chatbots can initiate conversations at any time, raising worries about overuse and addiction among younger users.

Several lawsuits against AI companies have highlighted the dangers, prompting Character.AI to phase out access for minors and introduce a guided, safety-focused alternative.

Industry observers say the Stories feature offers a safer environment for teens to engage with AI characters while continuing to explore creative content.

The decision aligns with recent AI regulations in California and ongoing US federal proposals to limit minors’ exposure to interactive AI companions.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UAE strengthens digital transformation with Sharjah’s new integration committee

Sharjah is advancing its digital transformation efforts following the issuance of a new decree that established the Higher Committee for Digital Integration. The Crown Prince formed the body to strengthen oversight and guide government entities as the emirate seeks more coordinated progress.

The committee will report directly to the Executive Council and will be led by Sheikh Saud bin Sultan Al Qasimi from the Sharjah Digital Department.

Senior officials from several departments in the UAE will join him to enhance cooperation across the government, rather than leaving agencies to pursue separate digital plans.

Their combined expertise is expected to support stronger governance and reduce risks linked to large-scale transformation.

Its mandate covers strategic oversight, approval of key policies, alignment with national objectives and careful monitoring of digital projects.

The members will intervene when challenges arise, oversee investments and help resolve disputes so the emirate can maintain momentum instead of facing delays caused by fragmented decision-making.

Membership runs for two years, with the option of extension. The committee will continue its work until a successor group is formed and will provide regular reports on progress, challenges and proposed solutions to the Executive Council.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI development by Chinese companies shifts abroad

Leading Chinese technology companies are increasingly training their latest AI models outside the country to maintain access to Nvidia’s high-performance chips, according to a report by the Financial Times. Firms such as Alibaba and ByteDance are shifting parts of their AI development to data centres in Southeast Asia, a move that comes as the United States tightens restrictions on advanced chip exports to China.

The trend reportedly accelerated after Washington imposed new limits in April on the sale of Nvidia’s H20 chips, a key component for developing sophisticated large language models. By relying on leased server space operated by non-Chinese companies abroad, tech firms are able to bypass some of the effects of US export controls while continuing to train next-generation AI systems.

One notable exception is DeepSeek, which had already stockpiled a significant number of Nvidia chips before the export restrictions took effect. The company continues to train its models domestically and is now collaborating with Chinese chipmakers led by Huawei to develop and optimise homegrown alternatives to US hardware.

Neither Alibaba, ByteDance, Nvidia, DeepSeek, nor Huawei has commented publicly on the report, and Reuters stated that it could not independently verify the claims. However, the developments underscore the increasing complexity of global AI competition and the lengths to which companies may go to maintain technological momentum amid geopolitical pressure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New alliance between Samsung and SK Telecom accelerates 6G innovation

Samsung Electronics and SK Telecom have taken a significant step toward shaping next-generation connectivity after signing an agreement to develop essential 6G technologies.

Their partnership centres on AI-based radio access networks, with both companies aiming to secure an early lead as global competition intensifies.

Research teams from Samsung and SK Telecom will build and test key components, including AI-based channel estimation, distributed MIMO and AI-driven schedulers.

AI models will refine signals in real-time to improve accuracy, rather than relying on conventional estimation methods. Meanwhile, distributed MIMO will enable multiple antennas to cooperate for reliable, high-speed communication across diverse environments.

The companies believe that AI-enabled schedulers and core networks will manage data flows more efficiently as the number of devices continues to rise.

Their collaboration also extends into the AI-RAN Alliance, where a jointly proposed channel estimation technology has already been accepted as a formal work item, strengthening their shared role in shaping industry standards.

Samsung continues to promote 6G research through its Advanced Communications Research Centre, and recent demonstrations at major industry events highlight the growing momentum behind AI-RAN technology.

Both organisations expect their work to accelerate the transition toward a hyperconnected 6G future, rather than allowing competing ecosystems to dominate early development.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

MEPs call for stronger online protection for children

The European Parliament is urging stronger EU-wide measures to protect minors online, calling for a harmonised minimum age of 16 for accessing social media, video-sharing platforms, and AI companions. Under the proposal, children aged 13 to 16 would only be allowed to join such platforms with their parents’ consent.

MEPs say the move responds to growing concerns about the impact of online environments on young people’s mental health, attention span, and exposure to manipulative design practices.

The report, adopted by a large majority of MEPs, also calls for stricter enforcement of existing EU rules and greater accountability from tech companies. Lawmakers seek accurate, privacy-preserving age verification tools, including the forthcoming EU age-verification app and the European digital identity wallet.

They also propose making senior managers personally liable in cases of serious, repeated breaches, especially when platforms fail to implement adequate protections for minors.

Beyond age limits, Parliament is calling for sweeping restrictions on harmful features that fuel digital addiction. That includes banning practices such as infinite scrolling, autoplay, reward loops, and dark patterns for minors, as well as prohibiting non-compliant websites altogether.

MEPs also want engagement-based recommendation systems and randomised gaming mechanics like loot boxes outlawed for children, alongside tighter controls on influencer marketing, targeted ads, and commercial exploitation through so-called ‘kidfluencing.’

The report highlights growing public concern, as most Europeans view protecting children online as an urgent priority amid rising rates of problematic smartphone use among teenagers. Rapporteur Christel Schaldemose said the measures mark a turning point, signalling that platforms can no longer treat children as test subjects.

‘The experiment ends here,’ she said, urging consistent enforcement of the Digital Services Act to ensure safer digital spaces for Europe’s youngest users.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot