Hands typing showing AI chatbot for hackers

Black Hat Hackers Have Their First “Brand Name” AI Chatbot in Venice.ai

Use of AI chatbots by malicious hackers has largely been limited to polishing up their English (or other non-native languages) to send phishing emails to this point, but the emergence of “Venice.ai” may mark the beginning of a new stage of the security race.

Available for free via the “clear web,” the service promises capabilities on par with ChatGPT and other popular models but with no guardrails or security restrictions in place. Security researchers found that includes the creation of malicious code, to include ransomware scripts, and spyware apps tailored to specific devices.

First readily-accessible guardrail-free AI chatbot mimics legitimate subscription models

The AI chatbot offers “free” and paid “premium” levels of access, like many of its more familiar counterparts. Anyone can access the free version via a web browser, which retains certain safety guardrails that limit its functionality and restrict the amount of user activity; a payment of $18 USD per month unlocks the full version with no restrictions on usage or the type of content it will output.

This is, of course, hardly the first time criminals have experimented with AI chatbots. But to this point the market was an expensive and generally underwhelming one. In 2024 researchers noted an underground market for jailbroken models such as “FraudGPT” and “WormGPT,” but these were generally sold on hacker forums for very high prices and required user setup.

Venice.ai is the first known easily-accessible “as a service” version of this concept that criminals seem to be taking to as a reputable brand name, and the first to offer any kind of free access to higher-level capabilities.

The new AI chatbot has some other unique selling points: it offers its clientele total privacy, with a promise of not keeping any chat logs, and it taps into jailbroken versions of a variety of the leading legitimate commercial LLMs. Users can even access and modify system prompts to further customize the LLM’s behavior.

Security researcher testing indicates that the AI chatbot still provides only a certain level of assistance, far from automating every step of an attack or generating novel and creative malware. Its main threat to the public is in drastically increasing the amount of attackers wielding tools that are at least basically competent. It is unsurprisingly very good at generating complete phishing email templates, but can also provide at least basic and functional malicious code. Researchers prompted it to create both a Windows keylogger in C# and a Python-based ransomware script that included both instructions for use and, in the latter case, a ransom note. It was also prompted to create an Android spyware app that attempts to surreptitiously activate the target device’s microphone, compress recorded audio files and pass them along to a server under the attacker’s control.

Can rogue AI models be kept under control?

AI models have incorporated increasingly sophisticated guardrails to prevent abuse, but they continue to have exploitation problems. Models with self-hosting options, such as DeepSeek, will always have obvious jailbreaking issues. Many of the most popular (and powerful) AI models only offer a cloud-based option, but even these have had ongoing issues with corruption by carefully-crafted prompts and other tricks.

The issue can also be clouded by the mission of the company. Venice.ai is not marketed as a product for criminals; rather, it has been promoted since it launched in 2024 as a privacy-focused and uncensored alternative to the major AI models. Other models put obvious restrictions on things like assisting with criminal hacking or terrorism, but go farther than that into delineating what sort of speech is or is not acceptable. That creates a natural market for “unfiltered” AI models for those that do not want capabilities limited by what might be purely political or legal liability considerations. Venice.ai was founded by former cryptocurrency exchange operator Erik Tristan Voorhees as a decentralized project, reflecting broader ongoing conflicts in the decentralized finance world between ideals and the reality of the utility to criminals.

In terms of that utility, phishing attacks have been on the rise as of late, after something of an ebb in 2023 and 2024. AI chatbots are likely a substantial factor in this, providing attackers with the ability to not just polish their grammar but also quickly craft templates that look like official organization communications. These tools are also assisting attackers in crafting realistic-looking phishing landing pages and even malicious banner ads that can sometimes be slipped into legitimate advertising networks. The malware aspect of AI chatbots remains at a rudimentary level, but it is lowering the bar for technically inexperienced attackers to get in and potentially begin levying attacks at more unprepared targets that just might land.