sehin.eu
Back to Security Notes

Dark AI: How Criminal LLMs Lower the Barrier for Cybercrime

A few years ago, a script kiddie had a problem.

They could download tools. They could copy commands. They could follow tutorials. They could run someone else's code.

But when something broke, they were usually stuck.

They did not understand the error. They did not know how to modify the code. They could not adapt the tool properly. They could not write convincing phishing text. They could not build a realistic scam page. They could not troubleshoot a failed attack chain without help from forums, Telegram groups, or more experienced criminals.

That barrier is becoming weaker.

Large language models changed the game.

Not because AI magically turns idiots into elite hackers. It does not.

But it can turn an idiot into a more productive idiot.

And in cybercrime, that is already enough to create problems.

What Are "Dark AI" or Criminal LLMs?

A normal large language model is designed to help with writing, coding, research, translation, analysis, and other legitimate tasks.

A criminal or "dark" LLM is different.

It is marketed or modified for abuse.

These tools are often advertised in underground communities as assistants for phishing, malware development, scam writing, fraud, social engineering, spam, and evasion. Some are exaggerated scams themselves. Some are just poorly wrapped versions of public models. Some are jailbroken models with fewer restrictions. Some are private tools created for specific criminal groups.

The marketing is usually ridiculous:

"Undetectable malware." "Unlimited phishing." "Bypass all antivirus." "Create ransomware in minutes." "Perfect hacking assistant."

Of course, most of that is fantasy.

Criminals lie to customers too. Shocking, I know.

But even if many of these tools are overhyped, the general direction is real: AI lowers the skill barrier.

The Dangerous Part Is Not Genius-Level Hacking

The biggest risk is not that AI creates a new generation of brilliant cybercriminals overnight.

The bigger risk is volume.

AI helps low-skill attackers do more of what they already do badly:

  • write better phishing emails
  • translate scams into multiple languages
  • generate fake customer support messages
  • create more convincing fake invoices
  • rewrite malware code they do not understand
  • troubleshoot basic errors
  • create scam websites faster
  • generate social engineering scripts
  • automate spam content
  • imitate business communication styles
  • search for public information more efficiently

None of this requires genius.

That is exactly the problem.

Cybercrime does not need every attacker to be advanced. It only needs many mediocre attackers working faster.

The Script Kiddie Gets a Helper

Before AI, a beginner copying malicious code from a forum might fail at the first error message.

Now they can paste the error into an AI assistant and ask what went wrong.

Before AI, a scammer with poor English produced obvious garbage emails.

Now they can generate clean, professional messages in English, German, French, Spanish, or almost any other language.

Before AI, a fake invoice scam might look suspicious because of bad wording.

Now it can sound like a normal business message.

Before AI, a low-level criminal had to search forums for help.

Now they can ask a model to explain concepts, rewrite scripts, generate templates, or suggest next steps.

Again, this does not make them elite.

It makes them less useless.

That is bad enough.

Malware Creation Becomes Easier, Not Magical

There is a lot of nonsense around "AI-generated malware."

Some people talk as if anyone can press a button and create a Hollywood-level cyberweapon.

Reality is uglier and more boring.

Creating reliable malware still requires technical understanding, testing, infrastructure, delivery methods, evasion, persistence, and operational discipline. AI does not remove all of that.

But AI can help with the smaller pieces.

It can help a beginner understand code. It can help modify existing scripts. It can explain compiler errors. It can generate basic components. It can rewrite code in another language. It can help create convincing text around the attack.

The dangerous shift is not perfection.

The dangerous shift is accessibility.

A person who previously could not create anything useful may now create something crude but functional.

And crude but functional is often enough to harm badly protected systems.

Phishing Gets Much Better

Phishing is where AI is immediately useful.

Old phishing emails were often easy to spot:

Bad grammar. Strange wording. Awkward translations. Generic greetings. Weird formatting. Obvious panic language.

AI removes many of those weaknesses.

A scammer can generate a professional email that sounds like:

  • a supplier chasing payment
  • a manager asking for an urgent transfer
  • a hosting company warning about account suspension
  • a courier service requesting confirmation
  • a tax office notice
  • a Microsoft 365 login warning
  • a customer asking about an invoice
  • a recruiter contacting an employee
  • a bank security message

AI can also adapt tone.

Formal. Friendly. Angry. Brief. Legalistic. Technical. Native-sounding.

This matters because many attacks do not need technical sophistication. They only need one person to believe the message.

Social Engineering Becomes More Personal

AI becomes even more dangerous when combined with OSINT.

Public information can reveal employee names, job titles, suppliers, technologies, locations, business relationships, and writing style.

AI can turn that raw information into convincing messages.

A criminal does not need to be a skilled writer. They can ask the model to create a believable email from a supplier to an accounting department. They can ask for a more polite version. Then a more urgent version. Then a version in German. Then a shorter version for SMS. Then a LinkedIn message. Then a fake support script.

This is where AI helps criminals scale trust abuse.

Not by hacking the server.

By hacking the human process around it.

Small Businesses Are Exposed

Large companies at least have some layers of defense.

Not always good layers, but layers.

Small businesses often have almost none.

Typical weaknesses include:

  • no security awareness training
  • no proper email authentication
  • weak or reused passwords
  • old WordPress installations
  • no monitoring
  • no clear payment approval process
  • no incident response plan
  • personal and business accounts mixed together
  • too much public information online
  • outdated contact details
  • poor backup discipline
  • no one checking logs or alerts

This is exactly where AI-assisted attackers benefit.

They do not need to break advanced defenses if basic defenses are missing.

The Cost Barrier Is Low

This is one of the most uncomfortable parts.

A criminal does not need a research lab.

They may use:

  • stolen accounts
  • cheap subscriptions
  • underground AI tools
  • jailbroken public models
  • rented infrastructure
  • leaked datasets
  • copied code
  • ready-made phishing kits
  • malware builders sold in forums
  • automated scanners

A little money is enough to increase capability.

Not necessarily to become sophisticated.

But enough to become annoying, dangerous, and scalable.

The old beginner was limited by knowledge.

The new beginner is limited mostly by imagination, laziness, and how many tools they can afford.

A depressing upgrade.

AI Also Helps Criminals Communicate

Cybercrime is not only code.

It is business.

Underground groups need advertisements, instructions, fake reviews, negotiations, support messages, recruitment posts, scam scripts, and documentation.

AI can help write all of it.

A criminal marketplace seller can produce polished product descriptions. A scammer can create multiple identities. A fraud group can translate messages for different countries. A phishing operation can generate hundreds of message variations.

The result is more professional-looking crime.

Still dirty.

Just better formatted.

Dark AI Tools Are Also Full of Scams

There is one funny part.

Many so-called criminal AI tools are scams targeting criminals.

Someone advertises a "powerful uncensored hacking AI," takes payment, and delivers garbage. Or nothing. Or a basic wrapper around another model. Or malware hidden inside the tool.

Criminals scamming criminals is not exactly a tragedy.

But defenders should not ignore the trend just because some products are fake.

The underground market does not need every tool to work. It only needs enough tools to be useful, enough buyers to experiment, and enough low-skill attackers to increase noise.

What This Means for Businesses

The practical message is simple:

Do not assume attackers are highly skilled.

Assume they are lazy, automated, and AI-assisted.

That means your business should reduce easy opportunities.

Start with the basics:

  • keep websites and plugins updated
  • remove abandoned systems
  • use strong unique passwords
  • enable multi-factor authentication
  • secure email with SPF, DKIM, and DMARC
  • monitor for leaked credentials
  • review public business information
  • train staff to verify payment requests
  • use clear internal approval processes
  • maintain clean backups
  • check website logs and strange files
  • remove old admin accounts
  • avoid exposing unnecessary technical details

None of this is glamorous.

That is why it works.

Most real-world security is not about cinematic hacking battles. It is about removing stupid openings before stupid attackers find them.

AI Does Not Replace Security Basics

AI-assisted cybercrime sounds modern.

But many attacks still succeed because of old problems:

  • outdated software
  • weak passwords
  • exposed admin panels
  • missing MFA
  • bad email security
  • careless employees
  • poor backups
  • forgotten websites
  • no monitoring

AI makes attackers faster.

It does not make your outdated WordPress plugin less outdated.

It does not make a reused password safe.

It does not make a fake invoice harmless.

It simply gives criminals better tools to exploit the same old weaknesses.

Final Thought

Dark AI does not mean every script kiddie becomes a master hacker.

That would almost be less annoying.

The real problem is that AI makes low-skill attackers more effective.

It helps them write better, code better, translate better, imitate better, troubleshoot better, and scale faster.

With a little money, even a clueless beginner can now create more convincing phishing campaigns, modify malicious scripts, generate scam content, and target businesses with less effort than before.

That is the threat.

Not genius.

Volume.

The internet was already full of lazy attackers with copied tools.

Now some of them have assistants.