Cybersecurity firm SlashNext has discovered a new artificial intelligence platform, known as Xanthorox AI, that is specifically tailored for offensive cyber operations. The tool made its first appearance in late Q1 of 2025 and has since been circulating within cybercrime communities on darknet forums and encrypted channels.
The investigation conducted by SlashNext, shared exclusively with Hackread.com prior to its scheduled release, reveals that Xanthorox AI distinguishes itself from previous malicious AI tools like WormGPT, FraudGPT, and EvilGPT through its independent, multi-model framework. The system is based on five distinct AI models optimized for specific cyber operations, all hosted on private servers controlled by the seller rather than relying on public cloud infrastructure or openly accessible APIs. This sets Xanthorox AI apart from its predecessors, which often relied on existing large language models (LLMs).
Xanthorox AI is a custom-built platform that uses fully custom language models rather than established models like LLaMA or Claude. It is marketed as a modular system capable of code generation, vulnerability exploitation, data analysis, and integrated voice and image processing, enabling both automated and interactive attacks. Its modular design allows specific functionalities to be updated or replaced in the future, and the voice and image handling modules are built in for added versatility.
The toolkit includes the Xanthorox Coder, designed to automate tasks like code creation and script development, while Xanthorox Vision adds visual intelligence by allowing users to upload images or screenshots for analysis. Reasoner Advanced aims to mimic human decision-making processes, supporting tasks requiring logical consistency and persuasive communication. Additionally, Xanthorox AI offers voice-based interaction through real-time voice calls and asynchronous voice messaging, allowing for hands-free command and control.
Researchers have noted that Xanthorox AI represents a significant advancement in cyberattack capabilities, offering a versatile hacking assistant that can enhance the precision and scalability of phishing campaigns and malware creation. This comprehensive tool has garnered attention for its all-in-one capabilities and modular architecture, making it a valuable asset for cybercriminal operations.
The emergence of Xanthorox AI underscores the importance of implementing advanced AI-powered detection technologies in cybersecurity defenses. These technologies include AI-powered threat detection platforms for behavioural anomaly analysis and signature-less malware identification, email security solutions incorporating AI-based content and intent analysis, and network security measures integrating AI-driven intrusion detection and prevention systems.
Casey Ellis, the Founder of Bugcrowd, a leader in crowdsourced cybersecurity based in San Francisco, described Xanthorox AI as a “fascinating development” within the cybercriminal ecosystem. He emphasized the specialized groups and “startups” within this industry creating competitive advantages through innovation and differentiation. Ellis commended the thought and research behind Xanthorox AI, highlighting the local model tuning that sets it apart from major vendors and praising the expert mix as an effective strategy for building a flexible AI-powered attack platform.
Overall, Xanthorox AI represents a significant evolution in malicious AI tools, showcasing the ongoing advancement of cybercrime capabilities and the need for robust cybersecurity measures to defend against such sophisticated threats. Its modular design, advanced features, and versatility make it a formidable tool for cyber attackers, highlighting the continuous arms race between cybercriminals and defenders in the digital landscape.