WormGPT: A New AI Tool Empowering Sophisticated Cyber Attacks

The advancement of generative AI and artificial intelligence has opened up new possibilities in various fields. However, it comes as no surprise that cybercriminals have repurposed this technology to carry out sophisticated attacks. We will explain the details of an AI tool called WormGPT, which has emerged as a potent weapon in the hands of adversaries, particularly for phishing and business email compromise attacks.

The Rise of WormGPT in Cybercriminal Activities

The widespread adoption of generative AI has inadvertently provided an opportunity for cybercriminals to carry out advanced attacks. Researchers have discovered a cybercriminal tool called WormGPT, also known as BoomGPT, which has gained popularity among adversaries. This tool has found application in sophisticated phishing and business email compromise attacks, raising concerns about the security landscape.

Also Read: Cybersecurity in the Age of Digital Risks

Exploring the Dark Side of AI

To understand the implications of WormGPT, it is essential to delve into the realm of cybersecurity. The terms “black hat,” “gray hat,” and “white hat” hackers are commonly used to categorize individuals based on their intentions and activities. Black hat hackers primarily aim to exploit organizations for financial gain, while gray hat hackers fall somewhere in between, exploring vulnerabilities to raise awareness. In contrast, white hat hackers work to secure systems and prevent malicious activities.


WormGPT can be considered as the antithesis of ChargeGPT, a well-known AI model. The author of WormGPT has explicitly described it as the “biggest enemy” of ChargeGPT, enabling users to engage in illegal activities. Unlike the intentions of white hat hackers, WormGPT is used by cybercriminals as a tool to launch attacks and compromise security.

Automating the Creation of Convincing Fake Emails

One of the alarming capabilities of WormGPT is its ability to automate the creation of highly convincing fake emails. By personalizing the content to match the recipient, cybercriminals increase the chances of successful phishing attempts or business email compromise attacks. This automation reduces the risk of suspicion, making it more challenging for victims to identify fraudulent messages.

Also Read: VTunnel: Unlocking the Web’s Potential

Overcoming GPT’s Restrictions and Exploiting APIs

In early February, an Israeli cybersecurity firm revealed how cybercriminals circumvent the restrictions of GPT models by leveraging their APIs. They take advantage of stolen premium accounts and brute force software to gain unauthorized access to GPT accounts. Through massive lists of email addresses and passwords, cybercriminals exploit GPT models, including WormGPT, to launch large-scale attacks without requiring extensive technical knowledge.

Democratization of Sophisticated Attacks through Generative AI

The use of generative AI, exemplified by WormGPT, demonstrates the democratization of sophisticated cyber attacks. Even individuals with limited technical skills can employ this technology to broaden their scope as cybercriminals. Business email compromise attacks, in particular, have become more prevalent and dangerous due to the increasing availability of AI tools like WormGPT.


The success of a technique known as PoisonGPT relies on poisoning the open-source AI model used by WormGPT, such as GPT-J. Malicious actors modify existing models and distribute them through public repositories, infiltrating other applications. This technique, known as supply chain poisoning, enables cybercriminals to impersonate known companies and leverage the trust associated with their names. The recent case of impersonating the company behind GPT-J, Typo Squared, highlights the potential dangers of this approach.

Also Read: 10 Unbelievable AI Tools That Will Blow Your Mind


WormGPT has emerged as a potent AI tool in the hands of cybercriminals, enabling them to conduct sophisticated attacks with ease. This dark side of AI exemplifies the need for robust cybersecurity measures and increased awareness among professionals. Understanding the workings of AI tools like WormGPT is crucial for defending against the evolving threats posed by cybercriminals in the digital landscape.

Leave a Reply