In a world where AI continues to make leaps and bounds in the digital landscape, we’re seeing a darker side of technology begin to rise. A new generative artificial intelligence model, ominously dubbed WormGPT, has emerged from the underbelly of the dark web. Described as the “evil cousin” of ChatGPT, this tool has been intentionally designed for mass hacking, spamming and disinformation campaigns, setting the stage for a possible cybercrime surge.

Cyber Attacks: Evolving Beyond Typos and Poor Grammar

Historically, the glaring giveaway of scam emails has been their telltale poor spelling, grammar, and formatting. The so-called “spray and pray” spammers have been consistently blocked by spam filters, mostly due to these markers. However, WormGPT threatens to change this narrative.

This AI model is capable of crafting advanced, targeted, and personalised phishing attacks, replicating writing styles so convincingly that it can potentially hoodwink unsuspecting victims with ease. With these sophisticated scams, the distinction between genuine correspondence and spam blurs.

Mimicking Reality: A New Level of Deception

WormGPT’s trickery doesn’t stop at mimicking writing styles. It can also use previously gathered email samples and social media posts to further emulate the style of a specific person or organisation. Moreover, it can even manipulate images posted on social media to make its deceptive narrative more compelling.

This approach, when merged with rapidly evolving AI-generated voice, speech, video, and conversational style, makes it harder to distinguish real from fake. Consider the potential impact on romance scams: once identifiable by their poorly written love declarations, they could now become eerily indistinguishable from real-life interactions.

Beyond Humans: Tricking Systems and Servers

The malice of WormGPT extends beyond just fooling humans: it’s also designed to dupe computer systems and servers. It can create malicious code and conduct “code obfuscation”, complicating the efforts of malware analysts to understand the code’s true purpose. Moreover, it can generate deceptive web forms and URLs that give attackers unauthorised access to devices and accounts.

This new toolkit gives cybercriminals an advanced arsenal to automate and significantly scale their offensives. Coupled with the data from recent major breaches, we might soon witness simulated scam profiles based on real people.

Looking to the Future: Potential Risks and Remedies

As we brace ourselves for this wave of sophisticated cyberattacks, we can’t help but acknowledge the challenges we face. Current policies are slow to keep up with technology, and WormGPT’s introduction does not bode well for our online safety. However, initiatives like the proposed national anti-scams centre provide a beacon of hope.

In the face of adversity, we can shape these technologies for the greater good. Generative AI models, if used correctly, could become valuable tools in combating cybercrime. Until then, our vigilance needs to remain at an all-time high. If these malicious tools aren’t quickly subdued, their evolution could lead to a digital Wild West—a scenario where nothing online is safe, and bandits lurk at every corner.


  1. What steps can my business take to identify potential cybersecurity threats? At 4walls, our Cyber Risk Assessment service offers a comprehensive evaluation of your organisation’s current cybersecurity stance, helping you identify vulnerabilities and potential threats.
  2. How can we reduce human error related to cybersecurity in our organisation? Human Risk Management is a year-long service we offer at 4walls, designed to address the human factor in cybersecurity. We offer phishing simulations, user training modules, policy compliance reviews, and dark web scanning.
  3. How can we improve cybersecurity awareness among our staff? Our Cyber Security Awareness Training program is an interactive course designed to educate your staff about common cyber threats, safe digital practices, and incident response strategies.
  4. What training is available for our board members to better manage cyber risks? 4walls offers Cyber Governance Principles Training specifically for Board Directors. It provides knowledge to make informed cybersecurity decisions and oversee effective cyber risk management.
  5. Can we test our organisation’s readiness against a cyberattack? Yes, our Cyber Event Simulation service allows your Board and Executive Team to test their response to a simulated cyber event, identifying potential gaps in your response plan.