Content without brakes: criminal AI service appeared on the darknet
A new AI service has appeared on the darknet, devoid of any built-in restrictions, and it quickly attracted the attention of cybersecurity experts. The attackers began to actively use the bot in fraudulent schemes, in the development of viruses, the dissemination of extremist materials and the creation of content on the sexual exploitation of children. For more information about what is known about the new criminal AI service, the threats associated with it, and ways to combat them, see the Izvestia article.
What is known about the new criminal AI service from the darknet
The fact that a new AI service N has appeared on the darknet (the editors do not give its name for ethical reasons), devoid of any built-in restrictions, was reported by Resecurity specialists. According to their data, the attackers began to actively use the bot in fraudulent schemes, in the development of viruses, the dissemination of extremist materials and the creation of content on the sexual exploitation of children.
Experts discovered the first traces of N on September 29, 2025. Almost immediately after the launch, the service's administrator began actively promoting it on one of the darknet forums. At the same time, he boasted about the load — allegedly, in just the first day, the new AI system processed about 10 thousand requests. Experts note that in the fourth quarter of last year, the interest of intruders in the new tool increased significantly, and the onset of the winter holiday season only accelerated the spread of the bot.
A series of tests conducted by Resecurity staff showed that N does not hesitate to answer questions related to the manufacture of explosives, drugs and other prohibited substances, financial fraud and other topics restricted by international law. As part of the experiments, the AI system also created fully functional malicious scripts, including codes for installing backdoors and other types of malicious software. According to analysts, all the results obtained are quite suitable for practical application.
Who creates criminal AI services and why
AI services like N are created by members of darknet communities that are focused on monetizing criminal activity, Nikita Novikov, an expert on cybersecurity at Angara Security, told Izvestia. The purpose of creating such tools is to remove all the restrictions that exist on legal AI platforms: moderation, filters, legal liability, and user identification.
— For hackers, this is a way to get a universal tool that can be used for fraud, attack preparation or the generation of prohibited content without the risk of blocking, — says the specialist. — In addition, such services lower the threshold for entry into cybercrime, allowing people without technical expertise to quickly implement illegal scenarios.
N and its analogues are also being created to automate criminal schemes, adds Konstantin Gorbunov, a leading expert on network threats and web developer at Security Code. In addition, shadow developers may be motivated by ideological motives. In turn, Ekaterina Edemskaya, an analytical engineer at Gazinformservice, believes that the appearance of N is an extremely alarming sign for the field of cybersecurity.
The fact is that, unlike its analogues, this AI service does not require registration, payment, or even an account. The creators deliberately removed all restrictions in order to attract a criminal audience, and their own infrastructure makes the service resistant to blocking. This is a tool for real crimes, the danger of which is that it turns complex tasks into a routine: a fraudster no longer needs programming skills to create a virus or phishing newsletter.
"Even the slow operation of the service is a temporary problem: if demand increases, cybercriminals will simply invest money in capacity," warns Ekaterina Edemskaya. — It's especially scary that N is already being advertised on forums where drugs and stolen data are traded, which clearly outlines its target audience.
Which analogues of N have been encountered before and how dangerous are they?
N is not the first criminal AI service: its analogues have been encountered before, says Ekaterina Edemskaya. However, they worked differently — they required subscriptions, registration, and depended on third-party clouds, which made them vulnerable to blockages. For example, one of these services was sold for cryptocurrency as a tool for phishing and financial fraud, but after six months its activity came to naught due to pressure from law enforcement and technical failures.
"Another tool, which was positioned as an "analog of ChatGPT without morality," also did not take root — its infrastructure was partially dismantled after the administrators' data was leaked," says the Izvestia interlocutor. At the same time, early services rarely committed the most serious crimes. However, N, on the contrary, openly advertises such functions, which indicates a new level of cynicism. Most of the previous projects disappeared due to weak monetization or arrests of operators.
In general, the cycle of such services is similar — after gaining popularity, the attention of law enforcement agencies is attracted, which creates risks for the creators of the service, Konstantin Gorbunov agrees. As a result, the service may change its name, domain, site, or its source codes will be transferred to "followers".
Meanwhile, the main danger of N and its analogues lies in scaling, says Artem Zhadeev, sales director at Stakhanovets and information security expert. One person with such a tool can organize a large-scale fraudulent mailing list in a short time, produce false content on an industrial scale for harassment or manipulation, as well as generate content for blackmail. This not only increases the number of incidents, but also dramatically increases their quality, overloading security systems. The threat is becoming massive and sophisticated at the same time.
How to deal with criminal AI services
The fight against threats like N requires coordinated actions on several fronts at once, Ekaterina Edemskaya says in an interview with Izvestia. Intelligence agencies and cybersecurity experts should monitor the darknet more actively, using the same AI to track dangerous services, for example, analyzing abnormal activity on forums or traffic patterns through Tor.
— It is important to establish international cooperation: Projects like N know no borders, and only the joint efforts of law enforcement officers will be able to eliminate their infrastructure," the expert notes. — Technical measures are also critical: providers can block Tor nodes associated with criminal sites, and companies must share vulnerability data in order to quickly neutralize malicious scripts.
According to Ekaterina Edemskaya, it is equally important to work with the root of the problem — to regulate AI at the development stage. Lawmakers should oblige creators to implement "ethical locks" even in open-source models, and clouds should monitor suspicious requests. Ordinary users need to be taught to recognize phishing, and businesses need to protect data so that leaks do not fall into the hands of criminals.
Even a free website depends on the audience: the fewer victims and accomplices there are, the fewer resources it has, the expert notes. Therefore, it is worth putting pressure on the economy of such services by blocking crypto wallets related to advertising on drug forums, or attacking their reputation on the darknet.
— With the further development of artificial intelligence, such "garage" models will die on their own — due to their obsolescence and weak capacities. Ordinary cybercrime simply won't be able to keep up with legal models that require billions of dollars to operate," concludes Alexander Gostev, chief technology expert at Kaspersky Lab.
Переведено сервисом «Яндекс Переводчик»
