1-855-263-7328
Security Portal Login
1-855-263-7328
Security Portal Login

WormGPT 4 and KawaiiGPT

Security researchers have uncovered a disturbing new trend: cybercriminals are marketing lifetime or free access to AI tools designed specifically to facilitate hacking, phishing, and ransomware campaigns. The tools in question – WormGPT 4 and KawaiiGPT – grant even non-skilled actors a high-powered “shortcut” into malicious operations.

What Are WormGPT 4 and KawaiiGPT
  • WormGPT 4 follows in the lineage of earlier malicious large-language models. It offers tiered access: around US $50/month, US $175/year, or a one-time payment of US $220 for “lifetime access,” including source-code availability.
  • The model reportedly generates working malware – from ransomware scripts to exfiltration tools – as well as highly convincing phishing emails and social-engineering content. In testing, it produced a working PowerShell script to encrypt PDF files, complete with a ransom note and C2-server support.
  • KawaiiGPT, released in mid-2025, is freely available on open repositories. It requires minimal setup (under five minutes on a Linux system) and can generate spear-phishing emails, lateral-movement scripts, data-exfiltration code, and ransom-note templates.

Researchers characterize these “dark LLMs” as lowering the barrier to entry for cybercrime – enabling individuals with little technical skill to carry out attacks previously requiring advanced expertise.

Why This Escalates Risk
  • Democratization of cybercrime – AI tools like WormGPT and KawaiiGPT turn cyberattacks into plug-and-play operations. The ease of use expands the pool of potential attackers dramatically.
  • Automation at scale – Phishing campaigns, credential-harvesting, ransomware coding, and even recon can be automated, increasing volume and reducing time to deployment.
  • Polished output – Generated emails and malware are increasingly sophisticated, making traditional red flags like poor grammar or sloppy code less reliable for detection.
  • Wider target surface – Organizations across industries – especially in finance, healthcare, retail, government, and manufacturing – become targets, as the entry barrier for attackers is greatly reduced.
What Organisations Should Do Immediately
  1. Treat your attack surface as AI-attractive – Assume that threat actors will leverage tools like WormGPT for phishing, BEC (Business Email Compromise), or malware.
  2. Strengthen email and identity authentication – Enforce multi-factor authentication (MFA), email security policies, and phishing-resistant controls.
  3. Harden endpoint and network defences – Deploy advanced endpoint detection, anomaly monitoring, and restrict script-execution and lateral movement.
  4. Monitor for AI-driven phishing and irregular communications – Look out for unusually well-written or context-aware phishing attempts, even if they seem professionally composed.
  5. Raise awareness and train staff – Social engineering is back – but now at scale. Regular training to spot phishing and suspicious requests is critical.
  6. Threat-hunt proactively – Include AI-generated content and script activity as part of threat-hunting models; treat suspicious tools or content even if they come as “just email.”
Conclusion

The availability of WormGPT 4 and KawaiiGPT underscores a troubling reality – malicious AI tools are transforming cybercrime into a commodity. With subscription-based or freely available AI models generating malware, phishing scripts, and ransomware at the push of a button, attackers now need minimal technical skill. Defenders must respond with equally adaptive strategies: strong email and identity controls, proactive monitoring, and continuous security hygiene.

About COE Security

COE Security helps organisations strengthen cyber resilience with services including:

• Advanced penetration testing (Web, Mobile, Cloud, API, Infra, Thick Client) • Red Teaming, Adversary Simulation and Social Engineering • Cloud Security Architecture and Compliance • Managed Detection & Response (MDR/XDR) • Security Automation, DevSecOps and AI-driven defence • Incident Response planning and digital forensics • Governance, Risk & Compliance (GDPR, HIPAA, PCI-DSS, ISO 27001, DPDPA)

Our team assists clients in deploying modern defence models – including controls to detect AI-powered malware, deepfake-enabled fraud, and automated phishing campaigns.

To stay updated on cutting-edge cybersecurity intelligence, follow COE Security on LinkedIn.

Click to read our LinkedIn feature article