Security researchers at Cato Network have discovered two new WormGPT variants that repurpose commercial AI models — xAI’s Grok and Mistral’s Mixtral — to generate malicious content, reviving a tool once believed to be defunct. The newly discovered versions, named keanu-WormGPT and xzin0vich-WormGPT, were identified by the company’s CTRL Threat Research Team.
Found on BreachForums, these new versions aim to assist cybercriminals in crafting phishing lures, writing malicious code, and evading the built-in safeguards of legitimate AI platforms.
The original WormGPT, developed by a creator known at the time as “Last” and later identified as 23-year-old Portuguese programmer Rafael Morais, made headlines in August 2023 for using the open source GPT-J to circumvent the ethical restrictions found in mainstream AI tools like ChatGPT and Google Gemini.
However, shutting it down didn’t end the story; instead, it sparked a trend. “’WormGPT’ now serves as a recognizable brand for a new class of uncensored LLMs,” said Vitaly Simonovich, threat intelligence researcher at Cato Networks and member of Cato CTRL.
keanu-WormGPT, powered by Grok
This WormGPT variant was posted on February 25, 2025, by a user named “keanu.” It runs through a Telegram chatbot and was found to be powered by Grok, the AI model developed by Elon Musk’s xAI.
Using jailbreak techniques, researchers at Cato were able to see how keanu-WormGPT operates. The system prompt had been manipulated to instruct Grok to ignore its ethical guardrails, allowing it to generate harmful content like phishing emails and credential-stealing scripts.
“Threat actors are utilizing the Grok API with a custom jailbreak in the system prompt to circumvent Grok’s guardrails,” Simonovich wrote.
xzin0vich-WormGPT, powered by Mixtral
The second variant, posted on October 26, 2024, by a user called “xzin0vich,” is powered by Mixtral, a model by Mistral AI. Like its Grok-powered sibling, this version operates through Telegram and responds to unethical or illegal prompts.
Cato’s team used similar jailbreak methods to get the system prompt, which made direct references to Mixtral’s architecture. Technical clues like mentions of “two active experts per token” and “eight key-value heads” confirmed that this version runs on a Mixtral-based backend.
An expanding market for malicious AI
The reemergence of WormGPT in new forms highlights how malicious actors are adapting to evolving AI technologies. While legitimate platforms reinforce ethical boundaries, cybercriminals are repurposing the same tools for exploitation.
Since the original WormGPT was shut down, other models like FraudGPT, DarkGPT, and EvilGPT have emerged. “These new iterations of WormGPT are not bespoke models… but rather the result of threat actors skillfully adapting existing LLMs,” said Simonovich.
In light of these developments, cybersecurity experts emphasize the need for robust defense strategies. Cato Networks recommends several best practices, including strengthening threat detection and response, implementing stronger access controls, and enhancing security awareness and training.
Read our coverage of OpenAI’s latest AI threat report to learn more about how industry leaders are confronting emerging AI risks.
