Beyond the AI Hype: A Threat Intelligence Repository That Separates Fact from FUD
Hook
When SlashNext claimed a 1,265% increase in AI-powered phishing attacks, the cybersecurity industry panicked. But what if most 'AI-enabled attacks' are just researchers demonstrating what's theoretically possible, not what adversaries are actually doing?
Context
The intersection of artificial intelligence and cybersecurity has become a minefield of conflicting narratives. Vendors tout astronomical increases in AI-powered attacks to sell products. Researchers publish proof-of-concept exploits that journalists mistake for active threats. Meanwhile, security teams struggle to separate signal from noise: which AI threats are real, which are imminent, and which are purely hypothetical?
The cybershujin/Threat-Actors-use-of-Artifical-Intelligence repository emerged to address this intelligence gap. Rather than aggregating every AI security paper or vendor claim, it applies rigorous methodology to document only confirmed instances of threat actors using AI and LLMs in actual cyberattacks. This isn't a tool or framework—it's a curated knowledge base that maps verified adversary activity to MITRE ATT&CK TTPs while proposing new classifications for LLM-specific techniques. For threat intelligence analysts drowning in AI security hype, it's a reality check backed by primary sources.
Technical Insight
The repository's architecture reflects a research-first approach organized around evidence quality and TTP classification. At its core are three interconnected components: a timeline of confirmed AI usage by threat actors, a mapping to existing MITRE ATT&CK techniques, and proposed extensions for LLM-specific TTPs that existing frameworks don't adequately describe.
The methodology distinguishes between actual threat actor behavior and researcher demonstrations—a critical filter that most threat intelligence reporting fails to apply. When a security company publishes research showing how ChatGPT could be prompted to generate polymorphic malware, that's a researcher demonstration. When law enforcement reports that a ransomware group used Claude to develop GTG-200 malware (as documented in Anthropic's Q4 2024 transparency report), that's confirmed threat actor usage. This distinction matters because threat models built on researcher capabilities rather than adversary behavior lead to misallocated defensive resources.
The repository tracks what it calls 'watershed moments'—qualitative shifts in threat actor AI adoption. The GTG-200 case represents one such inflection point: the first confirmed instance of ransomware development using generative AI, moving beyond the predominant social engineering applications (phishing, business email compromise, deepfakes) into malware creation. While the architecture doesn't provide machine-readable formats like STIX or TAXII for automated ingestion into SIEMs, the structured approach to TTP mapping enables manual translation:
# Example TTP mapping structure (conceptual - adapt for your threat model)
incident:
id: "GTG-200-ransomware-development"
date: "2024-Q4"
source: "Anthropic Transparency Report"
actor_type: "Ransomware operator"
ai_tool: "Claude (jailbroken)"
mitre_attack:
- tactic: "Resource Development"
technique: "T1587.001 - Develop Capabilities: Malware"
proposed_llm_ttp:
- "LLM-RD-001: Code Generation for Malware Development"
- "LLM-DEF-002: Jailbreak Existing Commercial Model"
verified: true
distinguisher: "Law enforcement attribution, vendor confirmation"
The proposed LLM-specific TTPs address a genuine gap in existing frameworks. MITRE ATT&CK was designed for traditional cyber operations and struggles to describe techniques like 'prompt engineering for malicious code generation' or 'jailbreaking safety guardrails.' MITRE ATLAS covers attacks against AI systems (model poisoning, adversarial examples) but not attacks using AI as a tool. This repository bridges that gap by proposing classifications that can coexist with ATT&CK while capturing AI-specific nuances.
The 'Dark LLMs' tracking component catalogs jailbroken models and malicious AI tools that have emerged in criminal forums. Early attempts at purpose-built 'criminal LLMs' like WormGPT and FraudGPT largely failed or were scams, leading threat actors to pivot toward jailbreaking existing models—a tactical evolution the repository documents. For integration into existing security workflows, this intelligence can inform defensive priorities:
# Conceptual integration: flagging LLM usage indicators in security logs
import re
LLM_INDICATORS = {
'prompt_injection': r'(ignore previous instructions|disregard safety)',
'jailbreak_attempts': r'(DAN mode|developer override|evil mode)',
'code_generation': r'(write python code to|generate malware that)',
}
def analyze_api_logs(log_entry):
"""Flag potential adversarial LLM usage in application logs"""
flags = []
for indicator_type, pattern in LLM_INDICATORS.items():
if re.search(pattern, log_entry, re.IGNORECASE):
flags.append(indicator_type)
return flags if flags else None
# This simplified example shows how repository intelligence
# translates into defensive detection logic
The repository's healthy skepticism toward vendor statistics provides crucial context for threat modeling. When it includes third-party research from Verizon DBIR and Trend Micro showing that actual AI adoption by threat actors lags industry hype, it's not dismissing the threat—it's calibrating expectations. This evidence-based approach helps security teams prioritize: defend against confirmed techniques (AI-generated phishing, deepfake business email compromise) while monitoring emerging capabilities (malware development, automated vulnerability research) without overweighting purely theoretical attacks.
Gotcha
The repository's research-compilation nature presents significant operational limitations. It's not a software tool, API, or automated threat feed—it requires manual review and interpretation. For organizations expecting machine-readable threat intelligence that flows automatically into SIEMs, TIPs, or SOAR platforms, this won't integrate without substantial translation effort. The lack of STIX/TAXII formatting means you're reading markdown files and manually updating your threat models, not ingesting structured IOCs.
Documentation completeness appears inconsistent. References to separate files for 'Dark LLMs and Blackhat GPTs' and source pages may contain broken links or outdated information. The repository depends heavily on external reports (Anthropic transparency reports, vendor research, law enforcement disclosures) that may become paywalled, redacted, or unavailable over time. There's no version control or archiving strategy visible for these external dependencies. Additionally, the explicit scope exclusions—attacks on AI systems, misinformation campaigns, insider threats from AI users—mean you're getting only one slice of the AI threat landscape. For comprehensive AI security coverage, you'll need to combine this with OWASP LLM Top 10, MITRE ATLAS, and traditional threat intelligence sources.
Verdict
Use if: You're a threat intelligence analyst, security researcher, or CISO who needs evidence-based documentation of confirmed AI usage by adversaries rather than vendor-driven hype. This repository excels at separating actual threat actor capabilities from theoretical research, providing the reality check necessary for rational threat modeling and budget allocation. It's particularly valuable when justifying (or rejecting) AI-specific security investments to leadership, building threat scenarios grounded in verified incidents, or understanding the tactical evolution from failed criminal LLMs to jailbreaking and deepfakes. Skip if: You need automated threat feeds, machine-readable IOCs for SIEM integration, comprehensive AI security coverage including attacks on AI systems themselves, or immediate actionable defensive measures. The manual research compilation format requires significant analyst time to extract value, and the deliberate scope limitations mean you'll need complementary resources for holistic AI threat visibility.