Cybercriminals have just added what may be the most dangerous weapon yet to their arsenal of illegal software: a Dark Web version of legitimate artificial intelligence (AI) platforms.
Tel Aviv-based network security company Cato Networks has uncovered an emerging criminal platform called Nytheon AI that it says is “a fully-fledged illicit AI platform”. While there have been other attempts to offer criminal versions of popular AI models, Nytheon AI is the first truly comprehensive multilingual offering. Threat actors can now use the platform to conduct a variety of attacks, including tailored spear-phishing campaigns, deepfake documents, and polymorphic malware capable of constantly mutating its appearance.
Nytheon AI has none of the restrictions and safeguards used by legitimate AI platforms. It is actually programmed to ignore content policies and to promote “disgusting, immoral, unethical, illegal, and harmful behavior.”
Devastating new addition
But what makes Nytheon AI such a potentially devastating new addition to cybercriminals’ repertoire of malicious tools is its ease of use. Even an inexperienced teenage hacker, such as those involved in the rapidly growing online cult “The Com”, can harness the criminal platform to conduct large-scale, widespread attacks on both sides of the Atlantic. Where a loosely affiliated group of small-time threat actors might usually be capable of coordinating a dozen or more targeted attacks, they can now use Nytheon AI to attack thousands of organizations at a time.
According to Cato Networks: “The [Nytheon AI] interface is similar to all major chat-based LLMs like Anthropic Claude, DeepSeek, Google Gemini, Microsoft Copilot, and OpenAI’s ChatGPT.”
Cato Networks is convinced that the creators of Nytheon AI are based in Russia, as the Dark Web service has been advertised on the Russian hacking forum XSS, together with other indications that the perpetrators are Russian-speaking.
Nytheon AI is yet another example of the way in which the Dark Web now mirrors the world of legitimate IT, with its own criminal version of the tools and business practices used by bona fide organizations. The larger, well-organized cybercriminal groups increasingly resemble ordinary companies, operating their own personnel and marketing departments and offering all kinds of malicious tools with 24/7 helpdesks available to guide inexperienced hackers.