Fordel StudiosDark web criminals launch custom unrestricted LLMs
What Happened
At least three vendors now sell proprietary unrestricted large language models on dark web marketplaces, with subscriptions ranging from $30 to $200 per month and over 1,000 active users. Nytheon AI operates an 80-billion-parameter model accessible via TOR, enabling automated phishing campaigns at scale. The adversarial AI market has matured from individual exploitation to a commercialized, subscription-based service model.
Our Take
We knew this was coming. The moment open-weight models hit 70B+ parameters, the question was never 'will bad actors use them' — it was 'how long until there's a SaaS business model around it.' Turns out: not long.
Nytheon AI is running an 80B parameter model over TOR for $30-200/month. That's a cheaper monthly subscription than my Cursor license. And they've got 1,000+ paying customers — so this isn't some lone wolf, it's a functioning marketplace.
Here's what actually concerns me: automated phishing at LLM quality is a different threat category. Not 'Nigerian prince' different — 'perfectly mimics your CEO's writing style from their LinkedIn posts' different. Our clients' users won't catch this.
If you're building anything with auth flows, email-based verification, or user-generated content — your 2024 threat model is already outdated. Rate limiting and email validation aren't enough anymore.
Not panicking. Just recalibrating. The defense layer needs to get smarter too, and honestly that's probably also LLMs.
What To Do
Audit every email-triggered auth flow in your stack this week — add behavioral anomaly detection or at minimum tighten rate limits to 3 attempts/hour with device fingerprinting.
Cited By
React