Please ensure Javascript is enabled for purposes of website accessibility
Back

“WormGPT” Emerges for Phishing Attacks

Michael Matias
,
Co-Founder & CEO
September 19, 2023

WormGPT is an AI tool that’s designed to aid cybercriminals. It emerged in July, and  according to Sky News, promises a significant escalation in the sophistication and scale of phishing attacks.

Unlike its ethically constrained counterparts in the mainstream AI world, WormGPT operates without any safety protocols, making it potent in the hands of malicious actors.

The tool's existence was first brought to light through observations within dark web forums. Reports indicate that WormGPT was created with one purpose: to facilitate cybercrime. It stands apart from general-purpose large language models (LLMs) that have incorporated ethical guidelines and safeguards.

While these models often refuse to generate content deemed harmful or illegal, WormGPT enables such activities, offering a glimpse into the potential for unbridled AI in the hands of criminals.

 

The Mechanics of WormGPT

At its core, WormGPT leverages advanced language generation capabilities to craft convincing and personalized phishing emails.

This isn't just about generating generic messages; it's about creating narratives that resonate with specific targets, exploiting their vulnerabilities and trust. The tool's ability to tailor language to individual recipients, mimicking their writing styles or referencing personal details, significantly increases the likelihood of successful attacks.

Technically, WormGPT is believed to be built upon a foundation similar to other LLMs, but without the ethical guardrails. This allows it to generate text that is not only grammatically correct but also contextually relevant and emotionally manipulative.

The process involves feeding the AI with target information, such as the recipient's name, job title, and company details. WormGPT then uses this data to create a narrative, often impersonating a trusted entity or authority figure. Furthermore, reports indicate that WormGPT is capable of generating code, increasing the scope of its potential malicious activities.

Implications for Cybersecurity

The emergence of WormGPT represents a new threat to cybersecurity. It allows cybercriminals to bypass the primary defense mechanisms that rely on identifying grammatical errors and suspicious language patterns.

The volume and sophistication of phishing attacks are poised to increase, overwhelming existing security systems and user awareness training. The personalized nature of these attacks makes them dangerous, as they exploit the human tendency to trust familiar communication.

Cybersecurity experts have expressed concerns about the implications of WormGPT. They warn that the tool's ability to generate persuasive emails will lead to a surge in phishing attacks, with consequences for individuals and organizations alike.

Defense and Ethical Considerations

The appearance of WormGPT underscores the urgent need for enhanced cybersecurity measures. Traditional defenses, like spam filters and antivirus software, may struggle to keep pace with AI-generated attacks.

AI-powered detection systems, capable of analyzing language patterns and identifying suspicious behavior, can mitigate the risks. User education and awareness training remain essential too, but they must be updated to address the new challenges posed by AI-generated phishing.

Furthermore, the emergence of WormGPT highlights the critical importance of ethical considerations in AI development. The lack of safeguards in this tool demonstrates the potential for AI to be weaponized by malicious actors. Strengthening ethical guidelines and safety protocols is essential to prevent the proliferation of similar tools in the future.

In conclusion, the emergence of WormGPT marks a significant turning point in the landscape of cybercrime. This dark web AI tool, designed for unrestricted malicious activity, poses a threat to individuals and organizations worldwide.

-

The ability to generate highly persuasive phishing attacks and other forms of manipulation at scale signals a new era of “unlimited” cyber threats. The urgency to develop and deploy robust defenses and ethical frameworks has never been greater.

 

 

Latest AI Deepfake articles

Seeing is No Longer Believing: Inside the Rise of Deepfake Investment Scams

A new wave of deepfake investment scams is sweeping across social media-slick, convincing, and dangerously deceptive. Powered by AI and fronted by synthetic versions of celebrities and executives, these fake pitches are stealing attention, trust, and millions of dollars. Here’s what’s happening, how to spot it, and how Clarity is helping stop the fraud before it spreads

Niv Amitay
,
AI Cyber Generation Lead
May 8, 2025

Deepfake Investment Scams Are Exploding—And the Stakes Just Got Personal

Over the past few weeks, my feed has been flooded with "exclusive" video pitches featuring familiar faces like Gal Gadot, Dovi Frances, Yasmin Lukatz, Eyal Valdman, and even Warren Buffett. Each video promises extraordinary returns from a supposedly exclusive investment fund. The presentations are incredibly polished, flawlessly lip-synced, and convincingly authentic.

The only problem? None of these videos are real.

Why Does This Matter?

  • Hyper-Realism on Demand: Advanced generative AI now easily replicates faces, voices, and micro-expressions in real-time.
  • Massive Reach: Fraudsters distribute thousands of micro-targeted ads across Instagram, YouTube Shorts, and TikTok. Removing one only leads to a rapid replacement.
  • Record Losses: In 2024, a deepfake impersonation of a CFO cost a UK engineering firm $25 million. Regulators estimate nearly 40% of last year's investment fraud complaints involved manipulated audio or video.

What To Watch For

  • Too-Good-To-Be-True Promises: Genuine celebrities rarely endorse 15% daily returns.
  • One-Way Communication: Disabled comments, invitation-only direct messages, and suspiciously new "official" websites are red flags.
  • Subtle Visual Artifacts: Watch for flat hairline lighting, inconsistent blinking patterns, or an unnatural stare when the speaker moves.

How Clarity Responds

At Clarity, our detection engine swiftly identified the recent "Gal Gadot investment pitch" deepfake within 4 seconds, pinpointing subtle lip-sync inconsistencies invisible to human observers.

As deepfakes proliferate at machine speed, automated verification is essential. Our technology analyzes facial dynamics, audio patterns, and metadata in real-time, enabling rapid removal of fraudulent content—before it reaches potential victims. Think of our solution as antivirus software for the age of synthetic media—always active, continuously evolving, and most effective when supported by an educated public.

Yet, technology alone isn't enough; critical thinking and vigilance remain crucial.

If You Encounter a Suspicious Investment Video:

  • Pause: Don’t act immediately.
  • Verify: Confirm the source through known, official channels.
  • Report: Use the “impersonation” option available on most platforms.
  • Share Awareness: Inform others. Community awareness grows faster than deepfake scams when actively spread.
Together, let's protect our communities—investors, families, and fans alike—from synthetic media fraud.
graphical user interface, website

The Alarming Reality of Synthetic Interviews - And How Clarity Stops Deepfakes in Their Tracks

The Alarming Reality of Synthetic Interviews – And How Clarity Stops Deepfakes in Their Tracks AI-generated job candidates are infiltrating video interviews with fake resumes, social profiles—and even deepfaked faces. A new report by Unit42 reveals how threat actors are using synthetic media to bypass hiring processes. Clarity’s real-time detection platform tackles this threat head-on, analyzing live and recorded video to expose deepfakes before they compromise your team. No manual review needed—just fast, trusted answers.

Niv Amitay
,
AI Cyber Generation Lead
April 23, 2025

Last week, Unit42 by Palo Alto Networks published a fascinating - and frightening - deep dive into how easily threat actors are creating synthetic identities to infiltrate organizations.

We’re talking about AI-generated personas, complete with fake resumes, social profiles, and most notably, deepfaked video interviews. These attackers aren’t just sending phishing emails anymore. They’re showing up on your video calls, looking and sounding like the perfect candidate.

At Clarity, this is exactly the kind of threat we’ve been preparing for.

The Rise of Deepfakes in Hiring - A New Attack Vector

The interview process has become a weak link in organizational security. With remote hiring now standard, verifying a candidate’s identity has never been more challenging - and adversaries know it.

Deepfake technology has reached a point where bad actors can spin up convincing video personas in hours. As Unit42 highlighted, state-sponsored groups are already exploiting this to gain insider access to critical infrastructure, data, and intellectual property.

This isn’t just a cybersecurity issue - it’s a trust crisis.

Inside Unit42’s Findings - A Manual Deepfake Hunt

In their detailed analysis, Unit42 showcased just how layered and complex synthetic identity attacks can be. Each figure in their report highlights different aspects of deepfake deception - from AI-generated profile photos and fabricated resumes to manipulated video interviews, with cheap and widely available hardware to higher-quality deepfakes using resource-intensive techniques.

Their approach demonstrates the painstaking process of manually dissecting these fakes:

  • Spotting subtle visual glitches

  • Identifying inconsistencies across frames

  • Cross-referencing digital footprints

While their expertise is impressive, it also underscores a critical point: most organizations don’t have the time, resources, or deepfake specialists to conduct this level of forensic analysis for every candidate or call.

That’s exactly why Clarity exists.

How Clarity Detects What the Human Eye Can’t

Let’s face it - no recruiter, hiring manager, or IT admin can be expected to spot a high-quality deepfake in a live interview. That’s where Clarity comes in.

Our AI-powered detection platform is designed to seamlessly analyze video feeds, pre-recorded interviews, and live calls to identify synthetic media in real-time.

When we ran the videos shared in Unit42’s report through our Clarity Studio, the outcome was clear:

Deepfake detected - with a clear confidence score that tells you instantly whether a video is real or synthetic. No need for manual checks or deepfake expertise - Clarity delivers fast, decisive answers when it matters most.

No manual frame-by-frame reviews. No specialized training required. Just fast, reliable detection that integrates directly into your workflows.

Automating Trust in a Synthetic World

At Clarity, we believe organizations shouldn’t have to become deepfake experts to stay protected. Whether you're hiring globally, conducting sensitive interviews, or verifying identities remotely, our system ensures:

  • Real-time detection during live calls

  • Comprehensive analysis of recorded videos

  • Automated alerts when synthetic media is detected

With Clarity, you can focus on growing your team and business, without second-guessing who’s really on the other side of the screen.

See It In Action

We applaud Unit42 for shedding light on this growing threat. To demonstrate how proactive detection can neutralize these risks, we’ve analyzed the same deepfake videos from their post using Clarity Studio.

Check out the screenshots below to see how Clarity instantly flags these synthetic identities - before they become your next insider threat.

Our studio results on Unit42 Figure 4 video: A demonstration of a realtime deepfake on cheap and widely-available hardware

Our studio results on Unit42 Figure 4 video: A demonstration of a realtime deepfake on cheap and widely-available hardware
Our studio results on Unit42 Figure 5: demonstration of identity switching
Our studio results on Unit42 Figure 6. A higher quality deepfake using a more resource-intensive technique
Our studio results on Unit42 Figure 7c. The "sky-or-ground"

Iranian Deepfake of Israeli Defense Minister Airs Live — and How Clarity Caught It Instantly

A manipulated video of Israel’s former Defense Minister was accidentally broadcast on national TV. Within minutes, Clarity’s platform flagged it as a high-confidence deepfake—demonstrating the urgent need for real-time media verification in today’s information wars.

Niv Amitay
,
AI Cyber Generation Lead
April 14, 2025

On Saturday night, Israeli Channel 14 mistakenly aired a manipulated video of former Defense Minister Yoav Gallant—an AI-generated deepfake that appeared to originate from Iranian media sources. The incident, which took place during the channel’s evening newscast, showcased Gallant speaking in Hebrew but with a clear Persian accent. The anchor, recognizing the suspicious nature of the clip, interrupted the broadcast mid-sentence, calling out the video as fabricated.

“On the first sentence I said stop the video. We apologize. This is cooked… These are not Gallant’s words but AI trying to insert messages about the U.S. and the Houthis,” said anchor Sarah Beck live on air.

Shortly after, Channel 14 issued an official statement confirming that the video was aired without prior verification and that an internal investigation was underway.

What Actually Happened?

The video portrayed Gallant stating that “the U.S. will not be able to defeat the Houthis,” a politically charged statement intended to sow confusion and manipulate public sentiment. Although the channel removed the clip within seconds, the damage was already done: the AI-generated video had reached thousands of viewers.

This incident highlights the speed, sophistication, and geopolitical implications of deepfake attacks.

How Clarity Responded — in Real Time

Minutes after the clip aired, our team at Clarity ran the footage through Clarity Studio, our real-time media analysis and deepfake detection platform. The results were clear:

  • Manipulation Level: High
  • Audio-Visual Inconsistencies: Detected in voice pattern and facial dynamics
  • Anomaly Source: Synthetic voice generation with foreign accent simulation

Here’s the detection screenshot from Clarity Studio:

We identified clear mismatches between Gallant’s known voice and speech pattern compared to the clip, along with temporal inconsistencies in facial movement and audio syncing—hallmarks of state-sponsored deepfake manipulation.

Why It Matters

This wasn’t a fringe incident. This was a high-profile deception attempt broadcast on national television. Deepfakes are no longer future threats. They are present-day weapons—used to spread disinformation, manipulate public opinion, and erode trust in media.

And this time, Clarity caught it before the narrative could spiral out of control.

The Takeaway

Broadcasters, law enforcement, and government agencies need tools that can verify audio and video authenticity in real time. This isn’t just about technology—it’s about safeguarding democratic discourse and preventing psychological operations from hostile actors.

At Clarity, we’re building the tools to detect these threats before they become headlines.

Guarding the C-Suite: Deepfakes and Brand Risk

Imagine a video circulating online, featuring the CEO of a major financial institution endorsing a dubious investment scheme. The video looks and sounds authentic, but it's a meticulously crafted deepfake. This scenario, once the stuff of science fiction, is becoming an increasingly possible reality, posing a significant threat to brand reputation and financial security.

Michael Matias
,
Co-Founder & CEO
January 15, 2025

Changpeng Zhao (CZ) of Binance recently warned, deepfakes are proliferating in the crypto space, impersonating prominent figures to promote scams and fraudulent projects. The message is clear: the digital age has ushered in a new era of brand vulnerability.

Deepfakes, powered by sophisticated artificial intelligence, manipulate audio and video to create convincing forgeries. The technology's accessibility and affordability have democratized its use, making it easier for malicious actors to create realistic impersonations.

In the financial and crypto sectors, where trust is paramount, deepfakes can cause substantial damage. Impersonating CEOs, creating fake endorsements, and fabricating promotional materials are just a few of the tactics being employed. The potential for financial damage is substantial, as unsuspecting individuals are tricked into sending money or divulging sensitive information.

Consider the recent surge in deepfakes impersonating public figures endorsing cryptocurrency scams. These fabricated videos, often spread through social media, can deceive even savvy investors.

Brand And Financial Consequences

The consequences are concerning, leading to substantial financial losses and a severe erosion of trust in the affected brands.

The impact on brand reputation can be significant. Deepfakes can tarnish a brand's image overnight, eroding the credibility built over years. Regaining trust after a deepfake incident is an uphill battle, requiring a concerted effort to restore public confidence. In a digital world where information spreads quickly, the damage can be extensive and long-lasting.

However, there are strategies for mitigating and preventing deepfake attacks. Technological solutions are at the forefront of this battle. Deepfake detection tools, powered by AI, can analyze videos and audio to identify telltale signs of manipulation. 

Blockchain technology offers another layer of protection, providing a secure and transparent way to verify identity and content. Watermarking and digital signatures can also help authenticate media and prevent tampering.

A Technological Arms Race

The deepfake threat isn't static; it's a rapidly evolving landscape. The technology itself is constantly being refined, with advancements in AI and machine learning pushing the boundaries of what's possible. 

This evolution is driven by a technological arms race. As detection tools improve, so do the methods used to create deepfakes. Generative adversarial networks (GANs), for instance, are becoming more sophisticated, allowing for the creation of highly realistic synthetic content. 

Furthermore, the accessibility of powerful computing resources and open-source deepfake software democratizes the technology, placing it within reach of even less technically skilled individuals.

This constant evolution presents a significant challenge for detection and mitigation efforts. It's not simply a matter of developing a one-size-fits-all solution; it's an ongoing battle against increasingly sophisticated techniques

-

Detection, collaboration, and information sharing are all vital in combating this evolving threat. While detection and prevention should be the first port of call, collaboration with law enforcement and regulatory agencies can help bring deepfake creators to justice.