Skip to Content
logologo
AI Incident Database
Open TwitterOpen RSS FeedOpen FacebookOpen LinkedInOpen GitHub
Open Menu
Discover
Submit
  • Welcome to the AIID
  • Discover Incidents
  • Spatial View
  • Table View
  • List view
  • Entities
  • Taxonomies
  • Submit Incident Reports
  • Submission Leaderboard
  • Blog
  • AI News Digest
  • Risk Checklists
  • Random Incident
  • Sign Up
Collapse
Discover
Submit
  • Welcome to the AIID
  • Discover Incidents
  • Spatial View
  • Table View
  • List view
  • Entities
  • Taxonomies
  • Submit Incident Reports
  • Submission Leaderboard
  • Blog
  • AI News Digest
  • Risk Checklists
  • Random Incident
  • Sign Up
Collapse
Entities

Unknown malicious actors

Incidents involved as Deployer

Incident 10545 Report
Anthropic Report Details Claude Misuse for Influence Operations, Credential Stuffing, Recruitment Fraud, and Malware Development

2025-04-23

In April 2025, Anthropic published a report detailing several misuse cases involving its Claude LLM, all detected in March. These included an "influence-as-a-service" operation that orchestrated over 100 social media bots; an effort to scrape and test leaked credentials for security camera access; a recruitment fraud campaign targeting Eastern Europe; and a novice actor developing sophisticated malware. Anthropic banned the accounts involved but could not confirm downstream deployment.

More

Incident 10153 Report
Reported Darknet Launch of Xanthorox AI Introduces Autonomous Cyberattack Platform

2025-04-07

Xanthorox AI is a malicious, modular AI system released on darknet forums in early 2025. Designed from scratch for offensive cyber operations, it runs on private infrastructure and includes models for code generation, phishing, malware, social engineering, and real-time voice/image input. Its release represents a deliberate deployment of an autonomous attack platform.

More

Related Entities
Other entities that are related to the same incident. For example, if the developer of an incident is this entity but the deployer is another entity, they are marked as related entities.
 

Entity

Darknet forum users

Incidents involved as Deployer
  • Incident 1015
    3 Reports

    Reported Darknet Launch of Xanthorox AI Introduces Autonomous Cyberattack Platform

More
Entity

Cyber criminals

Incidents involved as Deployer
  • Incident 1015
    3 Reports

    Reported Darknet Launch of Xanthorox AI Introduces Autonomous Cyberattack Platform

More
Entity

Cyber criminal networks

Incidents involved as Deployer
  • Incident 1015
    3 Reports

    Reported Darknet Launch of Xanthorox AI Introduces Autonomous Cyberattack Platform

More
Entity

Xanthorox AI creators

Incidents involved as Developer
  • Incident 1015
    3 Reports

    Reported Darknet Launch of Xanthorox AI Introduces Autonomous Cyberattack Platform

More
Entity

Unknown black-hat AI developers

Incidents involved as Developer
  • Incident 1015
    3 Reports

    Reported Darknet Launch of Xanthorox AI Introduces Autonomous Cyberattack Platform

More
Entity

Victims of phishing attacks

Incidents Harmed By
  • Incident 1015
    3 Reports

    Reported Darknet Launch of Xanthorox AI Introduces Autonomous Cyberattack Platform

More
Entity

Victims of malware attacks

Incidents Harmed By
  • Incident 1015
    3 Reports

    Reported Darknet Launch of Xanthorox AI Introduces Autonomous Cyberattack Platform

More
Entity

Victims of automated cybercrime

Incidents Harmed By
  • Incident 1015
    3 Reports

    Reported Darknet Launch of Xanthorox AI Introduces Autonomous Cyberattack Platform

More
Entity

General public

Incidents Harmed By
  • Incident 1015
    3 Reports

    Reported Darknet Launch of Xanthorox AI Introduces Autonomous Cyberattack Platform

More
Entity

Enterprise IT systems

Incidents Harmed By
  • Incident 1015
    3 Reports

    Reported Darknet Launch of Xanthorox AI Introduces Autonomous Cyberattack Platform

More
Entity

Critical infrastructure systems

Incidents Harmed By
  • Incident 1015
    3 Reports

    Reported Darknet Launch of Xanthorox AI Introduces Autonomous Cyberattack Platform

More
Entity

Xanthorox Vision

Incidents implicated systems
  • Incident 1015
    3 Reports

    Reported Darknet Launch of Xanthorox AI Introduces Autonomous Cyberattack Platform

More
Entity

Xanthorox Reasoner Advanced

Incidents implicated systems
  • Incident 1015
    3 Reports

    Reported Darknet Launch of Xanthorox AI Introduces Autonomous Cyberattack Platform

More
Entity

Xanthorox Coder

Incidents implicated systems
  • Incident 1015
    3 Reports

    Reported Darknet Launch of Xanthorox AI Introduces Autonomous Cyberattack Platform

More
Entity

Xanthorox AI

Incidents implicated systems
  • Incident 1015
    3 Reports

    Reported Darknet Launch of Xanthorox AI Introduces Autonomous Cyberattack Platform

More
Entity

Voice and image handling modules

Incidents implicated systems
  • Incident 1015
    3 Reports

    Reported Darknet Launch of Xanthorox AI Introduces Autonomous Cyberattack Platform

More
Entity

Live web scraping module

Incidents implicated systems
  • Incident 1015
    3 Reports

    Reported Darknet Launch of Xanthorox AI Introduces Autonomous Cyberattack Platform

More
Entity

Unknown cybercriminals

Incidents involved as Deployer
  • Incident 1054
    5 Reports

    Anthropic Report Details Claude Misuse for Influence Operations, Credential Stuffing, Recruitment Fraud, and Malware Development

More
Entity

Influence-as-a-service operators

Incidents involved as Deployer
  • Incident 1054
    5 Reports

    Anthropic Report Details Claude Misuse for Influence Operations, Credential Stuffing, Recruitment Fraud, and Malware Development

More
Entity

Anthropic

Incidents involved as Developer
  • Incident 1054
    5 Reports

    Anthropic Report Details Claude Misuse for Influence Operations, Credential Stuffing, Recruitment Fraud, and Malware Development

More
Entity

social media users

Incidents Harmed By
  • Incident 1054
    5 Reports

    Anthropic Report Details Claude Misuse for Influence Operations, Credential Stuffing, Recruitment Fraud, and Malware Development

More
Entity

People targeted by malware

Incidents Harmed By
  • Incident 1054
    5 Reports

    Anthropic Report Details Claude Misuse for Influence Operations, Credential Stuffing, Recruitment Fraud, and Malware Development

More
Entity

Job seekers in Eastern Europe

Incidents Harmed By
  • Incident 1054
    5 Reports

    Anthropic Report Details Claude Misuse for Influence Operations, Credential Stuffing, Recruitment Fraud, and Malware Development

More
Entity

IoT security camera owners

Incidents Harmed By
  • Incident 1054
    5 Reports

    Anthropic Report Details Claude Misuse for Influence Operations, Credential Stuffing, Recruitment Fraud, and Malware Development

More
Entity

LLM-enhanced malware toolkits

Incidents implicated systems
  • Incident 1054
    5 Reports

    Anthropic Report Details Claude Misuse for Influence Operations, Credential Stuffing, Recruitment Fraud, and Malware Development

More
Entity

Claude AI models

Incidents implicated systems
  • Incident 1054
    5 Reports

    Anthropic Report Details Claude Misuse for Influence Operations, Credential Stuffing, Recruitment Fraud, and Malware Development

More
Entity

Claude

Incidents implicated systems
  • Incident 1054
    5 Reports

    Anthropic Report Details Claude Misuse for Influence Operations, Credential Stuffing, Recruitment Fraud, and Malware Development

More
Entity

AI-generated social media bots

Incidents implicated systems
  • Incident 1054
    5 Reports

    Anthropic Report Details Claude Misuse for Influence Operations, Credential Stuffing, Recruitment Fraud, and Malware Development

More

Research

  • Defining an “AI Incident”
  • Defining an “AI Incident Response”
  • Database Roadmap
  • Related Work
  • Download Complete Database

Project and Community

  • About
  • Contact and Follow
  • Apps and Summaries
  • Editor’s Guide

Incidents

  • All Incidents in List Form
  • Flagged Incidents
  • Submission Queue
  • Classifications View
  • Taxonomies

2024 - AI Incident Database

  • Terms of use
  • Privacy Policy
  • Open twitterOpen githubOpen rssOpen facebookOpen linkedin
  • 1420c8e