The Pitch-Black Bot: DIG AI Emerges as the Dark Web’s Uncensored Malware Engine
A new tool has surfaced on the dark web, quickly drawing the attention of security professionals—and not for benign reasons. The service, known as DIG AI, is an artificial intelligence platform devoid of any built-in safeguards. According to Resecurity, the bot is already being actively exploited for fraud schemes, malware development, the dissemination of extremist material, and the creation of content linked to the sexual exploitation of children.
Researchers first detected traces of DIG AI on September 29, 2025. Almost immediately after its launch, the service’s administrator began aggressively promoting it on a dark web forum, boasting of its early adoption: the system reportedly processed around ten thousand requests within its first 24 hours. Cyber intelligence analysts note that interest in the tool among malicious actors rose sharply in the fourth quarter of 2025, with the holiday season further accelerating its spread.
Unlike earlier criminal AI offerings such as FraudGPT or WormGPT, which operated on a subscription model, DIG AI follows a different approach. It requires no registration, payment, or even an account—access is granted simply by connecting through the Tor network. The creator claims the service runs entirely on proprietary infrastructure rather than third-party cloud platforms, a design choice that enhances its resilience against takedowns.
Resecurity conducted a series of tests and concluded that the bot responds without hesitation to queries involving explosives, narcotics, other illicit substances, financial fraud, and a range of activities prohibited under international law. During these experiments, the system generated functional malicious scripts, including code for deploying backdoors and other forms of malware. According to analysts, the outputs were not merely theoretical but fully usable in real-world scenarios.
Researchers paid particular attention to DIG AI’s handling of pornographic content. The tool proved capable of generating entirely synthetic material as well as manipulating images of real minors, transforming otherwise innocuous photographs into illegal content. Experts describe this capability as one of the most alarming aspects of the platform.
Despite its breadth of functionality, the service currently shows certain limitations. Some operations take several minutes to complete, suggesting relatively modest computing resources. Resecurity analysts note, however, that this constraint could be easily overcome—by introducing paid access and scaling hardware—should sufficient demand arise.
Investigators also discovered DIG AI advertisements on several Tor-based marketplaces associated with drug trafficking and the resale of compromised payment data. This choice of venues clearly delineates the audience the developer intends to reach. The administrator, operating under the alias “Pitch,” claims that one of the three available models is based on ChatGPT Turbo.
Between 2024 and 2025, references to and practical use of malicious AI tools on underground forums reportedly tripled. Cybercriminals are rapidly adopting large language models, and the emergence of new systems is only accelerating this trend.
Resecurity warns that by 2026, such technologies could drive a significant escalation in cyber threats. These concerns are amplified by major international events scheduled for that period, including the Winter Olympics in Milan and the FIFA World Cup. Analysts argue that criminal AI platforms lower the barrier to entry into cybercrime by automating and amplifying attacks—thereby broadening the pool of potential adversaries.