Google warns criminals are building and selling illicit AI tools - and the market is growing

News
By published

A new black market for AI crime tools is on the rise, Google warns

Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
(Image credit: Shutterstock/SomYuZu)
  • AI tools are being purpose built for criminals, new GTIG report finds
  • These tools side-step AI guardrails designed for safety
  • 'Just-in-time' AI malware shows how criminals are evolving their techniques

Google’s Threat Intelligence Group has identified a worrying shift in AI trends, with AI no longer just being used to make criminals more productive, but also now being specially developed for active operations.

Its research found Large Language Models (LLMs) are being used in malware in particular, with ‘Just-in-Time’ AI like PROMPTFLUX - which is written in VBScript and engages with Gemini’s API to request ‘specific VBScript obfuscation and evasion techniques to facilitate "just-in-time" self-modification, likely to evade static signature-based detection’.

This illustrates how criminals are experimenting with LLMs to develop ‘’dynamic obfuscation techniques’ and targeting victims. The PROMPTFLUX samples examined by Google suggest that this code family is currently in the testing phase - so it could get even more dangerous once criminals develop them further.

Built for harm

The marketplace for legitimate AI tools is maturing, and so is the criminal black market. Underground forums offer purpose-built AI tools that help lower the barrier for criminals to engage in illicit activities. This is bad news for everyone, since criminals no longer have to be particularly skilled to carry out complex cyberattacks, and they have a growing number of options.

Threat actors are using tactics reminiscent of social engineering to side-step AI safety features - pretending to be ‘cybersecurity researchers’ in order to convince Gemini to provide them with information that might otherwise be prohibited.

But who’s behind these incidents? Well, the research identifies, perhaps unsurprisingly, links to state-sponsored actors from Iran and China. These campaigns have a range of objectives, from data exfiltration to reconnaissance - similar to previously observed influence operations by the states, also using AI tools.

Since AI tools have become popularized, both criminals and security teams have been using the tools to boost productivity and assist in operations - and it’s not quite clear who has the upper hand.

Best identity theft protection header
The best ID theft protection for all budgets

➡️ Read our full guide to the best identity theft protection
1. Best overall:
Aura
2. Best for families:
IdentityForce
3. Best for credit beginners:
Experian IdentityWorks

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.