Skip to Content
logologo
AI Incident Database
Open TwitterOpen RSS FeedOpen FacebookOpen LinkedInOpen GitHub
Open Menu
Discover
Submit
  • Welcome to the AIID
  • Discover Incidents
  • Spatial View
  • Table View
  • List view
  • Entities
  • Taxonomies
  • Submit Incident Reports
  • Submission Leaderboard
  • Blog
  • AI News Digest
  • Risk Checklists
  • Random Incident
  • Sign Up
Collapse
Discover
Submit
  • Welcome to the AIID
  • Discover Incidents
  • Spatial View
  • Table View
  • List view
  • Entities
  • Taxonomies
  • Submit Incident Reports
  • Submission Leaderboard
  • Blog
  • AI News Digest
  • Risk Checklists
  • Random Incident
  • Sign Up
Collapse

Incident 1015: Reported Darknet Launch of Xanthorox AI Introduces Autonomous Cyberattack Platform

Description: Xanthorox AI is a malicious, modular AI system released on darknet forums in early 2025. Designed from scratch for offensive cyber operations, it runs on private infrastructure and includes models for code generation, phishing, malware, social engineering, and real-time voice/image input. Its release represents a deliberate deployment of an autonomous attack platform.
Editor Notes: At present we are unaware of any incident involving Xanthorox, but its release, capabilities, indicated purpose, and wide availability lead us to believe that the absence of current evidence is more the result of inadequate time or reporting and less the absence of past or imminent harm. If and when the first harm event occurs (i.e., "incident") we will add its reports to this incident ID. You can subscribe to this incident number to receive an email notification should that occur.

Tools

New ReportNew ReportNew ResponseNew ResponseDiscoverDiscoverView HistoryView History

Entities

View all entities
Alleged: Xanthorox AI creators and Unknown black-hat AI developers developed an AI system deployed by Unknown malicious actors , Darknet forum users , Cyber criminals and Cyber criminal networks, which harmed Victims of phishing attacks , Victims of malware attacks , Victims of automated cybercrime , General public , Enterprise IT systems and Critical infrastructure systems.
Alleged implicated AI systems: Xanthorox Vision , Xanthorox Reasoner Advanced , Xanthorox Coder , Xanthorox AI , Voice and image handling modules and Live web scraping module

Incident Stats

Incident ID
1015
Report Count
3
Incident Date
2025-04-07
Editors
Daniel Atherton

Incident Reports

Reports Timeline

+2
Xanthorox AI – The Next Generation of Malicious AI Threats Emerges
Xanthorox AI: A New Breed of Malicious AI Threat Hits the Darknet
Xanthorox AI – The Next Generation of Malicious AI Threats Emerges

Xanthorox AI – The Next Generation of Malicious AI Threats Emerges

slashnext.com

Darknet’s Xanthorox AI Offers Customizable Tools for Hackers

Darknet’s Xanthorox AI Offers Customizable Tools for Hackers

infosecurity-magazine.com

Xanthorox AI: A New Breed of Malicious AI Threat Hits the Darknet

Xanthorox AI: A New Breed of Malicious AI Threat Hits the Darknet

esecurityplanet.com

Xanthorox AI – The Next Generation of Malicious AI Threats Emerges
slashnext.com · 2025

The Next Evolution in Black-Hat AI

A new player has entered the cybercrime AI landscape -- Xanthorox AI, a malicious tool that brands itself as the "Killer of WormGPT and all EvilGPT variants." 

First spotted in late Q1 2025, Xanthorox bega…

Darknet’s Xanthorox AI Offers Customizable Tools for Hackers
infosecurity-magazine.com · 2025

A self-contained AI system engineered for offensive cyber operations, Xanthorox AI, has surfaced on darknet forums and encrypted channels.

Introduced in late Q1 2025, it marks a shift in the threat landscape with its autonomous, modular str…

Xanthorox AI: A New Breed of Malicious AI Threat Hits the Darknet
esecurityplanet.com · 2025

A new and dangerous AI-powered hacking tool is making waves across the cybercrime underworld --- and experts say it could change the way digital attacks are launched.

Called Xanthorox AI, the tool was first spotted earlier this year on dark…

Variants

A "variant" is an incident that shares the same causative factors, produces similar harms, and involves the same intelligent systems as a known AI incident. Rather than index variants as entirely separate incidents, we list variations of incidents under the first similar incident submitted to the database. Unlike other submission types to the incident database, variants are not required to have reporting in evidence external to the Incident Database. Learn more from the research paper.

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents

Wikipedia Vandalism Prevention Bot Loop

Wikipedia Vandalism Prevention Bot Loop

Feb 2017 · 6 reports
Hackers Break Apple Face ID

Hackers Break Apple Face ID

Sep 2017 · 24 reports
Game AI System Produces Imbalanced Game

Game AI System Produces Imbalanced Game

Jun 2016 · 11 reports
Previous IncidentNext Incident

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents

Wikipedia Vandalism Prevention Bot Loop

Wikipedia Vandalism Prevention Bot Loop

Feb 2017 · 6 reports
Hackers Break Apple Face ID

Hackers Break Apple Face ID

Sep 2017 · 24 reports
Game AI System Produces Imbalanced Game

Game AI System Produces Imbalanced Game

Jun 2016 · 11 reports

Research

  • Defining an “AI Incident”
  • Defining an “AI Incident Response”
  • Database Roadmap
  • Related Work
  • Download Complete Database

Project and Community

  • About
  • Contact and Follow
  • Apps and Summaries
  • Editor’s Guide

Incidents

  • All Incidents in List Form
  • Flagged Incidents
  • Submission Queue
  • Classifications View
  • Taxonomies

2024 - AI Incident Database

  • Terms of use
  • Privacy Policy
  • Open twitterOpen githubOpen rssOpen facebookOpen linkedin
  • 1420c8e