If you’ve used any AI system, you’ve likely noticed that guardrails are in place to prevent misuse, harm, and bias. These guardrails prevent users from requesting forged documents or encouraging it to say something offensive. However, your mileage may vary on how adequate these guardrails are. And what happens if these guardrails are not just ineffective, but purposefully compromised?
Well, it becomes a threat actors’ paradise. This has happened numerous times in the past couple of years, with uncensored LLMs such as WormGPT, FraudGPT, and GhostGPT emerging. But, because they are simply jailbroken versions of ChatGPT with a different UI slapped on, they don’t always stand the test of time.
Now, however, with the emergence of the Nytheon AI platform on Tor, it seems that threat actors are beginning to take a more sophisticated approach to producing an uncensored LLM that will last. Training one from scratch would take time and millions of dollars, so they’ve begun turning to the next best thing: open-source LLMs such as Meta and DeepSeek, removing protective measures and adding their own interface atop.
The platform
According to a report from Cato, Nytheon was first discovered on various Telegram channels and XSS, a popular Russian hacking forum. It uses a similar interface to other major AI chatbots, such as Google Gemini, Microsoft Copilot, OpenAI’s ChatGPT.
Unlike previous jailbroken malicious AI, Nytheon platform doesn’t rely on one LLM. Users can instead access a portfolio of open-source LLMs, each offering different benefits. Most models share an identical 1,000-token system prompt to disable safety layers to permit profanity and comply with illegal requests.
There’s Nytheon Coder, which is derived from Meta’s Llama 3.2, and promises long-form, policy-free content creation. Then there’s Nytheon GMA, a version of Google’s Gemma 3, which has image-to-text capability, which can be useful for many malicious activities.
Nytheon R1, a version of “RekaFlash 3” line which offers logic and math accuracy. Lastly, it also uses Llama 3.8B-Instruct to behave as a control model for when the platform needs to appear legitimate and provide guardrail-aligned answers.
What it means
The successful unification of all these capabilities on one platform is a worrying development that could increase the threat of cybercrime online. To safeguard against these threats, a number of factors need to be a considered, including:
- Adequate organizational security measures: Implementing cybersecurity measures that can detect AI-generated attacks is key.
- Increasing user awareness: Attacks like deepfakes and phishing are only set to become more sophisticated, so the ability to recognize the signs and to continually verify authenticity is key.
Implement better AI development: For anyone developing an AI model, security measures should be built in and regularly audited.
Cora is a digital copywriter for SSLs.com. Having eight years of experience in online content creation, she is a versatile writer with an interest in a wide variety of topics, ranging from technology to marketing.