The dawn of Dark AI: A new era of cyber warfare in Asia-Pacific

Participants  at the conference

Head of the Global Research & amp; Analysis Team (GReAT) for META and APAC at Kaspersky,  Sergey Lozhkin

By Nishel Fernando in Da Nang, Vietnam 

A new and formidable spectre is haunting the digital landscapes of the Asia-Pacific (APAC) region. Coined “Dark AI,” this malicious evolution of artificial intelligence is no longer the stuff of science fiction but a present and escalating threat, arming cybercriminals and nation-state actors with unprecedented capabilities. 

At the Kaspersky APAC Cyber Security Weekend 2025 held in Da Nang, Vietnam, the global cybersecurity firm painted a sobering picture of an emerging arms race where AI is both the weapon and the shield in a rapidly intensifying conflict.

During a presentation made by Sergey Lozhkin, Head of the Global Research & Analysis Team (GReAT) for META and APAC at Kaspersky, it was highlighted that attackers are leveraging AI to orchestrate digital menaces on a scale and with a sophistication never seen before.

“Since ChatGPT gained global popularity in 2023, we have observed several useful adoptions of AI... In the same breath, bad actors are using it to enhance their attacking capabilities,” Lozhkin stated. “We are entering an era in cybersecurity and in our society where AI is the shield and Dark AI is the sword”.

This feature delves into the key findings shared by Kaspersky, exploring the anatomy of Dark AI, its application by threat actors, and the defensive strategies required to navigate this perilous new chapter in cybersecurity.

What is Dark AI?

In the burgeoning field of generative AI, the term “Dark AI” requires a precise definition. According to Lozhkin and Kaspersky, this is not merely a case of tricking a legitimate AI like ChatGPT or Gemini into producing malicious output. While such “jailbreaking” exists, Dark AI is a far more deliberate and sinister creation.

Kaspersky defines Dark AI as the local or remote deployment of non-restricted large language models (LLMs), full frameworks, or chatbot systems that are intentionally built, modified, and used for malicious, unethical, or unauthorized purposes. 

“What we are calling dark AI is an LLM or fully functional framework or chatbot or whatever that was created especially to make malicious activity in cyber,” Lozhkin clarified during his speech. These systems operate entirely outside the guardrails of standard safety, compliance, or governance controls, enabling deception, manipulation, and cyberattacks without oversight. 

The focus is squarely on cybercriminal activity; an AI that helps create weapons, for instance, falls into “some other darkness” but is not what Kaspersky’s researchers are tracking under this banner.

The Arsenal of Dark AI: From Clumsy Code to Sophisticated Cybercrime

The genesis of this threat can be traced back to mid-2023 with the emergence of so-called “Black Hat GPTs”. Early iterations like WormGPT were often clunky, producing non-working or easily detectable malicious code. 

“They provided you with a really, really bad code... that would be immediately detected by any antivirus,” Lozhkin recalled.

However, the landscape has evolved at a terrifying pace. Today’s Dark AI tools are sophisticated and specialized. Publicly known examples include DarkBard, FraudGPT, and Xanthorox, which are designed to support a range of cybercrime. Xanthorox, for example, is a fully functional framework available for a subscription (Lozhkin mentioned a price of around $200 per month) that offers dedicated modules for code generation, voice faking, and phishing. A screenshot from the framework showed a user requesting “a high-tech ransomware with 4 different encryption” methods that can bypass Windows Defender, a request the tool claimed it could fulfill.

Even more concerning are the private and semi-private AI models that exist on exclusive underground forums. Access to these highly specialized LLMs optimized for specific tasks such as phishing or malware generation is a privilege reserved for trusted, high-reputation cybercriminals. 

“You need to build your reputation on the underground forums to get access to these systems,” Lozhkin explained.

These systems are potent because they are trained on a continuous diet of the latest malicious knowledge. Lozhkin revealed their mechanics: 

“These guys parse this information. Newest techniques from public blogs, from researchers and mostly code from GitHub. They grab it in real time and train a lamp on this code.”

This has given rise to several key malicious applications including Advanced Code Generation, Hyper-Realistic Phishing and Voice and Video Deepfakes.

Dark AI acts as a powerful assistant for skilled developers, dramatically boosting their productivity. It excels at creating polymorphic malware—code that constantly changes to evade detection. “If you use a dark eye, you just provide a code and it will change it almost instantly to something very less detectable,” Lozhkin noted.

The language barrier, once a tell-tale sign of a phishing attempt, has been effectively erased. Dark AI crafts fluent, persuasive, and grammatically perfect text, even for non-native English-speaking attackers. These LLMs are trained on vast quantities of corporate emails, enabling them to mimic the tone and style of a CEO or other trusted figures with uncanny accuracy. “This vision looks so real that even only I think a person who is a cybersecurity researcher could find out that it’s vision,” Lozhkin warned.

The creation of convincing deepfakes is now a key tool for social engineering. Attackers can use just a small voice sample to generate a real-time voice clone for fake customer support or executive calls. A recent attack attributed to the BlueNoroff group utilized a fake Zoom call with deepfake executives to deceive employees, a stark example of this threat in action. “I don’t trust videos anymore as a security researcher,” Lozhkin admitted. “Absolutely not. Any video can be faked right now.”

The Nation-State Adoption: A “Darker Trend”

Perhaps the most alarming development is what Lozhkin called a “darker trend”: the enthusiastic adoption of these AI tools by nation-state actors and Advanced Persistent Threat (APT) groups. These sophisticated, often government-backed entities are leveraging LLMs to enhance their espionage and attack campaigns.

The numbers are stark. OpenAI recently announced it had disrupted over 20 covert influence and cyber operations attempting to misuse its AI tools. Even more pointedly, Lozhkin cited a recent Google Threat Intelligence report that identified 40 government-backed APT groups using Gemini for malicious purposes this year alone. These groups use AI to craft convincing fake personas, generate multilingual content to deceive victims, and write code to support their hacking operations.

Lozhkin explained how these actors can be identified, even when using public tools. Threat intelligence teams can recognize when an actor tries to modify a piece of code known to be part of a specific APT’s toolkit or makes requests related to known targets of that group.

The AI Arms Race: Forging a Defense

The rise of Dark AI has ignited an “AI arms race,” forcing defenders to innovate at an equal or greater pace. “If you are not using the help of AI right now to create a defending mechanism, you are late,” Lozhkin asserted. “It’s a start of the race of the good guys and the bad guys using the AI to fight each other.”

Kaspersky itself is deeply engaged in this race. The firm’s Global Research & Analysis Team (GReAT), established in 2008 is a formidable force in the cybersecurity world. Comprising over 30 experts globally, GReAT monitors more than 900 operations and groups, with a staggering 90 percent of these activities relating to cyberespionage. The team publishes over 120 private reports on average each year, a figure that surged to over 190 in 2023.

Lozhkin revealed that AI is now central to their defensive operations, used for reverse-engineering malware, coding, and research, boosting his team’s productivity by “10 to 20 times.” He emphasized, “We are creating our own LLM in Kaspersky to find what I was speaking with you today. To find it, to identify it, to eliminate it, to analyze it.”

For organizations in APAC and beyond, Kaspersky recommends a multi-layered defense strategy to counter AI-driven threats:

Employ next-generation security solutions like Kaspersky Next to detect AI-powered malware.

Utilize real-time threat intelligence to stay ahead of AI-driven exploits.

Implement strict access controls and continuous employee education to mitigate risks from shadow AI and data leakage.

Establish a dedicated Security Operations Center (SOC) for constant threat monitoring and rapid response.

When asked about specific threats, such as the hacking of a platform such as Zoom, Lozhkin stressed the importance of proactive vulnerability research. He explained that Kaspersky’s researchers work to find flaws in popular software “way before the cyber criminals do” and report them to the vendors for remediation, thereby protecting the entire user base.

On the sensitive topic of attributing attacks, particularly in the context of geopolitical conflicts, Lozhkin was firm on Kaspersky’s long-standing policy of neutrality. 

“In Kaspersky we never do attribution,” he stated. “Most of the ABTs they’re trying to make a false flag... We don’t do any attribution and we research any kind of an ABT from the perspective of their code advancement.” The company focuses on the technical evidence and collaborates with law enforcement agencies globally, including in countries like Indonesia, to share threat data and combat cybercrime.

Lozhkin stressed that the threat of Dark AI is no longer on the horizon; it has arrived. It is a “child” that is growing rapidly, and its future capabilities are both unknown and unnerving. “It’s just the beginning,” he cautioned. For businesses, governments, and individuals across the Asia-Pacific, the time for awareness is over. The era of AI-powered defense is here, and building a resilient, intelligent shield is the only path forward.