Kaspersky Warns of ‘Dark AI’ Threat as Nation-State Hackers Weaponise Generative Models

KUALA LUMPUR, 16 Aug 2025 – Cybersecurity firm Kaspersky is warning of an escalation in cyber warfare tactics as nation-state advanced persistent threats (APTs) increasingly deploy “Dark AI” — large language models (LLMs) operated without ethical or security constraints — to carry out stealthier and more sophisticated attacks across the Asia Pacific region.

According to Sergey Lozhkin, Head of Global Research & Analysis Team (GReAT) for META and APAC, the rise of Dark AI is reshaping the threat landscape, with malicious actors leveraging AI to automate deception, phishing, malware creation, and deepfake generation at unprecedented scale.

Kaspersky notes that these AI models — dubbed Black Hat GPTs — first emerged in mid-2023, with known examples including WormGPT, DarkBard, FraudGPT, and Xanthorox. While once mainly used by cybercriminals, such tools are now reportedly in the hands of state-backed hacking groups.

Dark AI Threats:

  • Dark AI Definition: Non-restricted LLMs deployed for malicious or unethical purposes, operating outside governance or compliance controls.
  • Nation-State Use: Kaspersky warns of APTs weaponising Dark AI for covert influence, multilingual disinformation, and real-time social engineering.
  • Black Hat GPTs: Private or semi-private AI tools capable of generating malicious code, phishing content, deepfakes, and aiding Red Team operations.
  • Rising Incidents: OpenAI recently disrupted over 20 covert operations attempting to misuse its AI tools for cyber and influence campaigns.
  • Security Gap: Even with safeguards, APTs are persistent; Dark AI tools are becoming more accessible and capable.

Kaspersky’s Defence Recommendations:

  • Deploy next-gen security solutions like Kaspersky Next to detect AI-powered threats.
  • Utilise real-time threat intelligence to track AI-driven exploits.
  • Implement strict access controls and staff training to mitigate risks from shadow AI.
  • Establish a Security Operations Centre (SOC) for 24/7 monitoring and rapid incident response.

Lozhkin cautioned that as AI becomes both an offensive and defensive weapon, cybersecurity teams must match the speed and creativity of attackers:

“AI is the shield and Dark AI is the sword. We must prepare for a more cunning and persistent generation of cyber threats.”

Staff Writer
