Automatic translation from Russian to English. It may contain inaccuracies.

May 17, 2025 at 2:03 PM | Max Knyazev is typing… | Telegram mirror
Xanthorox AI — neural network for a hacker 🔞

Each generation of AI brings both useful tools and their side effects in the form of... "dark reflections". In 2023 everyone was discussing WormGPT. It became the first truly criminal language model, designed for phishing, creating malware, and writing persuasive letters on behalf of the “head of accounting.” Then came EvilGPT, DarkBERT, BlackMamba and dozens of others, some as modifications of GPT, others simply as sets of prompt instructions with a certain ethical profile. All of this gave rise to the offensive LLM. The term now refers to language models built for offensive purposes 🎃

And now, in 2025, Xanthorox AI arrives: a tool that is being called “the killer of all previous models.” And this time it's not just marketing. This is truly a new level: autonomous, working completely offline, with voice, vision and no API at all. Not a patch on top of GPT, but something of its own, built from scratch. Don't worry if you don't understand everything. We'll figure it out now 👨‍💻

What is Xanthorox?

Xanthorox first appeared on the darknet at the end of the first quarter of 2025, as reported by the guys from Securitylab. Since then, information has been disseminated through closed forums, Telegram channels and private chats. 📱

Xanthorox is pitched as a modular platform for offensive cyber operations. The main difference is the architecture: no modified GPT, no cloud, no APIs. Everything runs locally, offline, on its own servers. There is also no dependence on a “big brother” such as OpenAI or Meta. Everything is modular and isolated.

The architecture is built on five large modules. I’ll tell you briefly about each one separately. 😎

Module 1: Xanthorox Coder
Automatic generation of code, exploits, scripts, backdoors and PoCs. You set the goal and specify the restrictions, and it does the rest. Moreover, it knows how to bypass signatures and use encryption. There is even an autotest mode for popular antiviruses (via offline signature emulation). The tool is focused specifically on creating combat-ready solutions, not just generating “hello world”.


Module 2: Vision
Works with images, screenshots, PDFs and video frames. Extracts text, recognizes interfaces, analyzes diagrams, tables and logos. Can be used for OSINT (for example, to recognize software and its version from a screenshot) or for an attack (for example, to find the desired button in a web application interface and prepare an attack for it).


Module 3: Reasoner Advanced
Not just a language model, but a logical “brain”. It specializes in building chains of reasoning, generating convincing stories, and falsifying legal and financial documents, where not only structure but also logic is important. In simulation mode, it can act out the behavior of the victim, emulating responses to attacks via instant messengers or e-mail.


Module 4: Data Spider
This is an alternative search engine without an API. It collects data from more than 50 sources (from TOR to Chinese FTP). Bypasses captchas, redirects and authorization. Collects databases, sources, old frameworks, leaked configs, everything that might be useful. Runs completely locally, caching results for offline operation.


Module 5: Voice Interface
Voice control support, both live and via voice messages. You can control Xanthorox by voice: ask it to generate a script, get a selection of vulnerabilities, or search for leaks by keyword. Considering that everything works locally, it is also safer than text input on the keyboard.


Plus: a built-in file analyzer
Xanthorox can open, analyze and rebuild .c, .txt, .docx, .pdf files and even binaries. It pulls hashes, creds, API keys, developer comments and bookmarks, and can embed a payload into a document on the fly.


Xanthorox is essentially a full-fledged offensive assistant that has no external dependencies and can be embedded in an offline laboratory, an air-gapped system, or even hidden in some kind of test stand, with no way to track it or stop it remotely 👏

What is it like to live in a world where any script kiddie can carry out a sophisticated attack on... your devices, for example? 😱

#information_security