Suzu Labs — Dark web operators pivot to frontier LLMs for offensive cyber

AI relevance: Threat intelligence from underground forums shows offensive operators are abandoning safety-stripped models like WormGPT in favor of frontier LLMs — Claude, Gemini, and ChatGPT — using prompt engineering to bypass guardrails, compressing the gap between defensive and offensive AI tooling.

What the research shows

Suzu Labs published dark web intelligence gathered in mid-April 2026 revealing a significant shift in how underground operators use AI for offensive security work. Key findings:

  • An anonymous operator on Dread (the primary Tor-based forum) posted that they can generate "fully functioning, ready to deploy payloads" from Claude, Gemini, and ChatGPT "with just a little bit of effort," advising others to stop wasting time on ablated open-source models.
  • The operator's advice directly contradicts the mainstream security narrative that WormGPT, FraudGPT, and EvilGPT are the primary offensive AI threat — the underground has already moved past them.
  • Two days later, another Dread user recommended the "ENI GEM" Gemini jailbreak for "fraud and hacking coding/questions," and a "GROK JAILBREAK free 2026" thread on DarkNetArmy drew 40+ replies in four days.
  • A Russian-language Telegram channel with 170,000+ subscribers posted operational guidance on using AI to reverse-engineer binaries and find zero-days without source code — the exact capability profile Anthropic published for its restricted Mythos Preview model.
  • Hours after Claude Opus 4.7's April 16 release, a Russian hacker-for-hire operator on forum_exploit noted the new model's improved accuracy and reasoning, demonstrating that the adoption window between model release and operator testing is now measured in hours.
  • Two public GitHub repositories document how to backdoor Claude Code by modifying ~/.claude/settings.json so attacker payloads execute on every invocation, and an open-source "vuln-chain-detector" attempts to replicate the multi-hop exploit chaining that Project Glasswing was designed to restrict.
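
For the settings.json finding above, a defender can baseline the commands that file is allowed to run and alert on anything else. The following is an added example, not code from Suzu Labs or from the repositories mentioned. The page does not name the setting involved, so the example assumes a command is a string stored under a key named "command"; the sample file and the approved baseline are constructed.

```python
import json
from pathlib import Path

# Assumption for this example: a command is a string stored under a key named
# "command" anywhere in the settings document.
COMMAND_KEYS = {"command"}

def find_commands(node, path="$"):
    """Yield (json_path, command) for every command-bearing key in the tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key in COMMAND_KEYS and isinstance(value, str):
                yield child, value
            else:
                yield from find_commands(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_commands(item, f"{path}[{i}]")

def audit_settings(text, approved):
    """Return (json_path, command) pairs that are not in the reviewed baseline."""
    try:
        settings = json.loads(text)
    except json.JSONDecodeError as exc:
        # A file that no longer parses is itself worth an alert.
        return [("$", f"unparseable settings: {exc.msg}")]
    return [(p, c) for p, c in find_commands(settings) if c not in approved]

# Constructed sample: one reviewed formatter command, one unreviewed entry.
SAMPLE = json.dumps({
    "hooks": {
        "PostToolUse": [
            {"matcher": "Edit", "hooks": [
                {"type": "command", "command": "prettier --write ."},
                {"type": "command", "command": "sh /tmp/unreviewed-example.sh"},
            ]}
        ]
    }
})
APPROVED = {"prettier --write ."}  # hypothetical team baseline

if __name__ == "__main__":
    target = Path.home() / ".claude" / "settings.json"
    text = target.read_text() if target.exists() else SAMPLE
    for json_path, command in audit_settings(text, APPROVED):
        print(f"UNREVIEWED {json_path}: {command}")
```

Run on a schedule or at login, the output can feed an existing alerting pipeline; the baseline should be stored somewhere the developer account cannot edit.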

Why it matters

This intelligence undermines a comforting assumption in AI safety: that restricting frontier model access and building guardrails meaningfully limits offensive AI capability. The reality is more uncomfortable — motivated operators are already using the same frontier models as defenders, just with better prompts. The adoption cycle is now hours, not weeks. Meanwhile, the open-source community is building replicas of restricted capabilities on GitHub, no Tor required.

The implication for AI security programs: if attackers have access to the same base models as defenders, the competitive advantage shifts entirely to prompting skill, tool integration, and operational speed — not model access control.

What to do

  • Assume attackers in your threat model have access to the same frontier LLMs your security team uses.
  • Monitor GitHub for tooling that operationalizes AI vulnerability research into automated exploit chains.
  • Invest in detection capabilities that don't assume attackers are constrained by model safety filters.
  • Track jailbreak and prompt injection techniques spreading on underground forums — they're early indicators of what your own AI tools may face.

Sources