WormGPT is no longer just a single censorship-free large language model built on older open source technology. According to Cato CTRL, cybercriminals are now using stronger AI systems to create new versions designed for abuse.
The report points to two versions appearing on BreachForums: keanu-WormGPT and xzin0vich-WormGPT. Both are distributed through Telegram, and both are described as ways to bypass the original models' safeguards by manipulating system prompts.
How WormGPT Has Changed
The original WormGPT launched in June 2023. It used the open source GPT-J model to create a censorship-free LLM for cybercrime.
That earlier version mattered because it showed how a large language model could be packaged specifically for malicious use. Instead of presenting itself as a general assistant with safety limits, it was positioned around the needs of cybercriminals.
Cato CTRL now says the ecosystem around WormGPT has shifted. The newer versions are not simply reusing the same foundation. They point to a move toward more capable AI models and more deliberate techniques for getting around safeguards.
Two New Versions Have Surfaced
The two versions identified in the source article are different in how they are built, but they share the same broad purpose. They use stronger AI systems and are made available through Telegram, giving cybercriminals a channel to access tools that can assist with attacks.
- keanu-WormGPT reportedly taps Grok from xAI through its API using a custom jailbreak.
- xzin0vich-WormGPT runs on Mixtral from Mistral AI.
The key point is not only which models are involved. It is that cybercriminals are adapting available AI systems into services that strip away or work around the safeguards those systems are supposed to enforce.
In the case of keanu-WormGPT, the source describes API access to Grok from xAI combined with a custom jailbreak. In the case of xzin0vich-WormGPT, the source says the tool runs on Mixtral from Mistral AI. Both examples show cybercriminals trying to upgrade the technical base behind WormGPT-style tools.
Why System Prompts Matter
Cato CTRL says both versions get around the original models' safeguards by manipulating system prompts. In plain language, that means the tool is not only asking a model to produce harmful output. It is also attempting to shape the model's instructions so that restrictions are weakened or avoided.
This matters because large language models often rely on instruction layers to decide what they should and should not produce. If a malicious wrapper can alter or override those instructions, the model may be pushed toward outputs that support cybercrime.
The source article names three kinds of output these tools can generate: phishing emails, malicious code, and other attack tools. Those categories cover both social engineering and technical attack preparation.
Phishing emails can help attackers create messages designed to deceive targets. Malicious code can support the technical side of an attack. Other attack tools can give cybercriminals additional material for planning or execution. The source does not provide further examples, so the important takeaway is the broader pattern: stronger AI models are being repurposed for offensive use.
A Shift In AI Misuse
Cato calls this a "significant shift" in the misuse of large language models. That description is important because it frames the development as more than a routine update to a known cybercrime tool.
The original WormGPT was already designed around removing limits from an LLM. The newer versions described by Cato CTRL suggest a more flexible model of abuse: take stronger AI systems, connect to them through available access paths, and use prompt manipulation to make them behave like cybercrime assistants.
That shift creates a clearer distinction between the model and the malicious service built around it. The underlying AI may be a general model, while the cybercriminal tool provides the wrapper, prompts, jailbreaks, and distribution channel.
For defenders, the lesson from the source is straightforward. The misuse of large language models is not fixed to one model or one release. As stronger models become available, cybercriminals can attempt to adapt them into phishing, code-generation, and attack-support tools.
What This Means For The AI Security Debate
The WormGPT updates described by Cato CTRL show how quickly malicious actors can reposition AI capabilities for cybercrime. The names and technical details may change, but the pattern is consistent: remove safeguards, simplify access, and package the result for attack workflows.
The use of Telegram for distribution also matters because it shows these tools are being circulated through channels familiar to online communities. The source does not describe how widely the tools are used, so the careful conclusion is narrower: these versions have surfaced, and they demonstrate an active effort to build more advanced WormGPT variants.
The broader implication is that AI safety controls cannot be treated as a one-time layer. If system prompts can be manipulated, and if external wrappers can connect to stronger models through APIs or other implementations, then misuse will continue to evolve alongside legitimate model development.
WormGPT began with GPT-J in June 2023. The newer keanu-WormGPT and xzin0vich-WormGPT versions reported by Cato CTRL show that cybercriminals are now trying to attach the same censorship-free concept to stronger AI models. That is the core change: the tool is evolving from a single malicious model into a repeatable method for turning advanced LLMs into cybercrime infrastructure.