September 8, 2025


How to Defend Against WormGPT-Driven Phishing and Malware

AI is unlocking new ways to work across industries. Nearly four in five CEOs are implementing or likely to implement generative AI to speed up innovation across their companies, and workers at every level are using GenAI to improve or expand their processes. Unfortunately, they aren’t the only ones embracing the power of AI.

WormGPT was one of the best-known early examples of a generative AI tool built to write convincing social engineering lures and malware code. Its developers appear to have abandoned the project since, but the genie is out of the bottle: WormGPT set a template that later tools still follow, and the attention it drew helped create the market for them.

But it isn’t all bad news. WormGPT also serves as an early warning and object lesson in how to protect your organization against a new generation of AI-empowered threat actors.

What is WormGPT?

WormGPT was a generative AI tool built for threat actors. It was reportedly based on the open-source GPT-J language model, but it differed in two key ways from the typical ChatGPT experience:

  • WormGPT had none of the guardrails that legitimate generative AI platforms use to refuse illegal or unethical requests.
  • WormGPT was reportedly trained on a dataset that included many kinds of social engineering lures and malware source code, so it could generate new variants of both on demand.

WormGPT’s original developer announced the project’s end not long after the tool started attracting attention across the cybersecurity media landscape. But even if WormGPT proper is gone, the threat it signaled may be more present than ever.

How AI-powered tools can threaten your business

The potential threats posed by malicious implementations of GenAI are like a dark mirror of ethical GenAI usage. They do not replace the human element of attacks, but instead expand what those humans can do.

Poor grammar, spelling errors, and unusual phrasing, for instance, have long been telltale signs of a phishing attack. Generative AI, however, drafts email or SMS copy that reads as if a fluent, well-spoken person wrote it. Without guardrails to limit intent, a malicious GenAI tool can produce dozens of convincing messages in the time it would take a threat actor to draft one, each tailored with individual details that make it more likely to land. Defenses that depend on spotting clumsy writing therefore lose value; what remains are the indicators an attacker cannot polish away, such as the sending domain, where embedded links actually point, and a request to act outside the normal process.
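The checks that stay useful once the prose is flawless, as an added example that is not code from the original article or from Lookout: it inspects the sender and Reply-To domains, homoglyph lookalikes, the gap between a link's visible text and its real destination, and urgency phrasing, none of which a language model can write away. Both messages are constructed for the demo, and the trusted-domain list and urgency phrase list are assumptions a deployment would replace with its own.

```python
"""Phishing checks that do not depend on grammar or spelling (added example).
Sample messages are constructed; TRUSTED_DOMAINS is an assumed tenant setting."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from typing import List, Optional, Set, Tuple
from urllib.parse import urlparse

TRUSTED_DOMAINS: Set[str] = {"example.com"}  # assumption: the organisation's own domains
URGENCY_PHRASES = ("within 24 hours", "immediately", "will be suspended", "verify your account")
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})
HOST_RE = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}")

def registrable(host: str) -> str:
    """Crude eTLD+1 (last two labels); use a public-suffix list in production."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def lookalike_of(domain: str, trusted: Set[str]) -> Optional[str]:
    """The trusted domain that `domain` imitates through digit/letter swaps, else None."""
    if not domain or domain in trusted:
        return None
    normalised = domain.translate(HOMOGLYPHS).replace("rn", "m")
    return normalised if normalised in trusted else None

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def analyze(raw_message: str) -> List[Tuple[str, str]]:
    """Return (indicator, detail) pairs; an empty list means nothing suspicious was found."""
    msg = message_from_string(raw_message)
    findings: List[Tuple[str, str]] = []
    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = registrable(sender.split("@")[-1]) if "@" in sender else ""
    # 1. Display name invokes a trusted brand while the address lives elsewhere.
    if sender_domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if trusted.split(".")[0] in display_name.lower():
                findings.append(("display-name-brand", f"'{display_name}' from {sender_domain}"))
    # 2. Replies are routed to a different domain than the apparent sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if "@" in reply_to and registrable(reply_to.split("@")[-1]) != sender_domain:
        findings.append(("reply-to-mismatch", reply_to))
    # 3. Sender domain is a homoglyph of a trusted one (examp1e.com for example.com).
    imitated = lookalike_of(sender_domain, TRUSTED_DOMAINS)
    if imitated:
        findings.append(("lookalike-sender", f"{sender_domain} imitates {imitated}"))
    # 4. Links: the host shown differs from the real one, punycode hosts, lookalike hosts.
    body = msg.get_payload()
    extractor = LinkExtractor()
    extractor.feed(body)
    for href, text in extractor.links:
        href_host = (urlparse(href).hostname or "").lower()
        shown = HOST_RE.search(text.lower())
        if shown and registrable(shown.group()) != registrable(href_host):
            findings.append(("link-text-mismatch", f"shows {shown.group()}, goes to {href_host}"))
        if any(label.startswith("xn--") for label in href_host.split(".")):
            findings.append(("punycode-link", href_host))
        imitated = lookalike_of(registrable(href_host), TRUSTED_DOMAINS)
        if imitated:
            findings.append(("lookalike-link", f"{href_host} imitates {imitated}"))
    # 5. Manufactured urgency: the attacker needs it however polished the prose is.
    plain = re.sub(r"<[^>]+>", " ", body).lower()
    findings.extend(("urgency", p) for p in URGENCY_PHRASES if p in plain)
    return findings

# Constructed sample: fluent and polished, and still phishing.
PHISHING = """From: "Example IT Support" <helpdesk@examp1e.com>
Reply-To: recovery@mail-verify.invalid
Subject: Action required: mailbox storage limit
Content-Type: text/html

<p>Your mailbox is approaching its storage limit. To keep receiving mail without
interruption, please verify your account within 24 hours using the link below.</p>
<p><a href="https://login.examp1e.com/verify">https://login.example.com/verify</a></p>
"""

# Constructed sample: a legitimate notice from the real domain.
CLEAN = """From: "Example IT Support" <helpdesk@example.com>
Subject: Scheduled maintenance this weekend
Content-Type: text/html

<p>The mail servers will be patched on Saturday at 02:00 UTC. No action is needed.</p>
<p>Status updates: <a href="https://status.example.com/maintenance">status.example.com</a></p>
"""
```

Calling `analyze(PHISHING)` yields six indicator types (brand name on a foreign domain, redirected Reply-To, lookalike sender, link text that names a different host than the href, lookalike link host, urgency), while `analyze(CLEAN)` returns an empty list. The eTLD+1 and homoglyph logic is deliberately crude; in production use a public-suffix list and a full confusables table, and treat these findings as signals to score rather than a verdict.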

In addition to phishing messages, generative AI's ability to write working code is well documented. Trained on malware samples, GenAI can be used to quickly generate new variants of malicious programs such as trojans and keyloggers.

Current generative models are better at remixing the examples they were trained on than at inventing genuinely new techniques. Entirely novel attack vectors are unlikely to come out of these tools, but their output can differ just enough from known samples to evade signature-based defenses that match potential malware against the hashes or byte patterns of known examples, which is why detection keyed on what a program does rather than what it looks like matters more than ever.

How to strengthen your defenses in a post-WormGPT world

Given the current capabilities of generative AI, one of the most pressing concerns is that WormGPT-like tools will raise the floor of what threat actors with fewer resources can accomplish. That means more convincing social engineering attacks and more potential sources of malware than ever before.

Here are five ways you can take a proactive approach to defending your organization against GenAI-empowered threats:

Implement zero-trust security

To reduce the likelihood of breaches and limit their impact, there may be no better start than implementing zero-trust security across your organization. Continuous verification minimizes the potential harm of a single compromised login (for example, an AI-generated smishing message that tricks a user into handing over a one-time 2FA code), and pairing it with phishing-resistant factors such as FIDO2 security keys or passkeys closes that capture path altogether, because the credential is bound to the legitimate site's origin and cannot be replayed from a lookalike. Least-privilege access, meanwhile, limits how much of the network a single compromised account can reach.

Secure mobile devices

Work doesn’t only happen on the devices that your organization provides. Employees who can use their mobile devices to work from anywhere with a data connection have more opportunities to be productive. They also have more opportunities to be compromised across a range of potential attack surfaces and vectors. Integrating dedicated mobile device security across your organization will help ensure every part of your network remains protected from the expanding range of threats made possible by GenAI.

Use advanced threat detection

WormGPT-like tools empower more kinds of threat actors to target more organizations in less time. Relying solely on static defenses and human judgment to respond to a potentially vast number of simultaneous attacks is less feasible in this new environment than ever before.

Advanced threat detection uses AI of its own to expand and multiply your cybersecurity capabilities, identifying and containing many kinds of threats without waiting for a human to intervene. Meanwhile, advanced tooling and real-time data give your analysts the swiftest and strongest response possible to a broad array of simultaneous attacks.

Prioritize cybersecurity training

We mentioned before how phishing messages generated by WormGPT could help attackers avoid some of the telltale signs of a social engineering attack. Fortunately, a strong understanding of what social engineering is, how it works, and how each employee can help defend their organization against it can still make a big difference.

It’s essential to get everyone, not just your IT department, on board with these cybersecurity fundamentals. Lookout’s free SMS phishing assessment can help you quickly identify your organization’s current anti-smishing security posture.

Protect your data in a GenAI-powered world

Taking those fundamental steps will help your organization stand ready against threat actors empowered by GenAI. But AI-driven threats to your organization’s data security can also come from within. If you want your workforce to enjoy the productivity benefits of AI without potentially exposing your sensitive data, you need a solid plan and the right partner.

Book a personalized, no-pressure demo today to learn:

  • How adversaries are leveraging avenues outside traditional email to conduct phishing on iOS and Android devices
  • Real-world examples of phishing and app threats that have compromised organizations
  • How an integrated endpoint-to-cloud security platform can detect threats and protect your organization
