Darknet’s Xanthorox AI Offers Customizable Tools for Hackers


A self-contained AI system engineered for offensive cyber operations, Xanthorox AI, has surfaced on darknet forums and encrypted channels.

Introduced in late Q1 2025, it marks a shift in the threat landscape with its autonomous, modular structure designed to support large-scale, highly adaptive cyber-attacks.

Built entirely on private servers, Xanthorox avoids using public APIs or cloud services, significantly reducing its visibility and traceability.

It incorporates five specialized language models, offline functionality and live search scraping via over 50 engines, positioning itself as a full-spectrum hacking toolkit. This includes code and malware generation, image and file analysis and real-time voice interaction.

Advanced Capabilities and Evolving Threats

According to SlashNext, which discovered the platform, its core is Xanthorox Coder, capable of scripting, exploiting vulnerabilities and developing malware.

Xanthorox Vision handles visual intelligence, allowing the interpretation of screenshots and extracted image data.

Meanwhile, Reasoner Advanced mimics human logic to generate convincing and consistent outputs for manipulation and social engineering.

“[This] is the culmination of where AI has evolved to at this moment in time,” said Kris Bondi, CEO and co-founder of Mimoto.

“Self-directed, autonomous cyber-attacks can hyper-charge bad actors’ ability to innovate their attacks.”

Bondi pointed out that even low success rates may be acceptable to attackers using AI like Xanthorox.

“If only 10% of its attacks are successful, it may be seen as a starting point on which to learn and improve,” she said. “If an organization only detected and responded to 10% of attacks, the results would be devastating.”


Bondi added that the platform’s ability to evolve creates further challenges for defenders.

“Likely, its attacks will not remain the same,” she said. “Learnings from the past […] have less and less value when trying to combat an attack from LLMs that have learned and evolved.”

A Crowdsourced Security Perspective

“This is a fascinating development,” said Casey Ellis, founder at Bugcrowd.

“It’s easy to think of the cybercriminal ecosystem as one big amorphous blob of badness when in reality it operates much like any service and platform industry.”

Ellis highlighted the strategic depth behind Xanthorox’s design.

“There’s clearly a lot of thought and R&D that has been applied to this toolkit,” he said. “This is definitely the most effective approach to building a flexible AI-powered attack platform.”

As platforms like Xanthorox emerge, the balance continues to tip toward highly agile, automated threats. The burden now lies with defenders to anticipate and match this speed with equally adaptive protection.


