Cybersecurity firm SlashNext recently reported on Xanthorox AI, a new and innovative hacking tool that surfaced on dark web forums and chat rooms earlier this year – described by researchers as “the next evolution in black-hat AI.”
The self-contained AI architecture is a significant advancement on previous malicious chatbots like WormGPT that use jailbreaks or tweaks to existing AI foundation models, according to the Pleasanton, California-based vendor.
“The developers claim to have built a self-contained, multi-model architecture hosted entirely on their own servers, enabling a local, unmonitored, and highly customizable AI experience,” that will be harder to detect and shut down, SlashNext researcher Daniel Kelley wrote in a report.
The platform contains five distinct models aimed at different tasks, such as generating malicious code and exploiting security flaws in software, extracting sensitive data from images and screenshots, and adopting human reasoning to write more convincing phishing messages.
Xanthorox AI is a reminder to security teams and MSSPs of the rapidly evolving nature of AI cyberthreats and of the need to ramp up both their capabilities – including the use of AI in their own operations – and their understanding of the threat landscape.
AI as a Tool and a Threat
“Ultimately, MSSPs and MSPs must embrace AI as both a tool and a threat, leveraging it to enhance their own capabilities while preparing to defend against its misuse,” Casey Ellis, founder of security firm Bugcrowd, told MSSP Alert. “The arrival of tools like Xanthorox is all about force-multiplication for the adversary. MSSPs and MSPs are uniquely positioned to act as force multipliers for their clients in the face of evolving AI-driven threats. They bring scalability, expertise, and access to advanced tools that many organizations – especially smaller ones – can’t afford to maintain in-house.”
The latest AI-based cyberthreat, with its self-contained environment and multiple capabilities, represents a difficult challenge for organizations and service providers, according to SlashNext’s Kelley.
“Xanthorox AI presents itself as a comprehensive, all-in-one hacking tool, powered by a modular architecture designed to support a wide range of cybercrime operations,” he wrote. “From an attacker’s perspective, Xanthorox AI hits most of the marks needed for a versatile hacking assistant. It handles code generation, vulnerability exploitation, data analysis, and integrates voice and image processing, making it capable of both automated and interactive attacks.”
Legitimate Claims
This also illustrates the dual nature of AI in cybersecurity—as both a threat and a tool for protection. The development of modular, self-contained systems that run offline and support multiple models is well within the capabilities of current AI technology, making the threat actors’ claims about Xanthorox AI plausible—and increasing the likelihood that similar platforms will be replicated and refined by others.
“We already have tools like customizable language models and methods to integrate voice and image processing,” Kelley wrote. “Even if Xanthorox doesn’t meet every expectation, the technology to build something similar is available, and we’ll likely see systems like it emerge soon.”
Considering that MSSPs’ role in countering such AI-powered threats will only grow, it will be crucial for them to expand their capabilities and knowledge to keep up with the evolving tools that threat actors use. Service providers are critical in defending against such AI-based threats by providing expertise and tools that can detect and respond to attacks across layers, from endpoints and networks to cloud environments, according to J Stephen Kowski, SlashNext’s field CTO.
With AI, Role of MSSPs, MSPs Expand
To counter threats like Xanthorox AI, it will be crucial for MSSPs to invest in advanced tools that use machine learning and AI, train their teams to identify AI-specific risks, like adversarial attacks or data poisoning, and expand services like real-time threat hunting and automated response programs.
“Combining skilled personnel with scalable technology ensures readiness for increasingly sophisticated challenges,” Kowski told MSSP Alert.
Bugcrowd’s Ellis emphasized that MSSPs and MSPs should focus on three areas: hiring more AI specialists to increase their knowledge of AI security, offensive AI-powered approaches, and emerging attack vectors; developing services that specifically address AI-related risks like adversarial testing, AI model auditing, and monitoring for AI-enabled attacks; and working with industry groups and adopting emerging standards for AI security.
MSSPs can also build partnerships with AI vendors and security researchers to stay informed about cyber threats and mitigation strategies, and push for transparency and accountability in AI deployments, he said.
Ensuring Quality is Key
Additionally, MSSPs need to ensure the quality of offerings they resell and avoid AI vendors that don’t prioritize quality and ethics, Rob Enderle, principal analyst with The Enderle Group, told MSSP Alert.
MSSPs “can make a huge difference by vetting solutions and promoting solutions that have a higher focus on quality and ethics, basically acting as a trusted partner to their customers who are struggling to pick solutions that won’t disappoint them, or worse, cause significant problems for the company due to low quality,” Enderle said, suggesting OpenAI as a vendor that needs to put a greater emphasis on quality and ethics.
He added that “quality is a big problem for AI providers and buyers. Helping providers focus on quality, and ensuring that buyers receive adequate quality, is where MSSPs and MSPs can deliver much-needed value.”
The Need for Speed
Speed – including the ability to identify threats and take action more quickly – is key, according to Kris Bondi, co-founder and CEO of the security company Mimoto.
“A byproduct of AI evolving attacks at a faster and faster pace is that insights from after-breach forensics, which has been so much of security and recovery, is becoming less valuable,” Bondi said. “While we should want to know how malicious activity was perpetrated, we can't rely on this as a starting point for protecting against current attacks.”
MSSPs and other organizations need to embrace security solutions that are made to be adaptive so they can detect and respond in real-time to whatever AI threats appear, she said, adding that “providing contextual understanding of the situation is extremely valuable. This is an area where organizations can leverage AI to gain a better understanding of incoming alerts.”