Cybercriminals Are Pushing Back Against AI-Generated Slop on Underground Forums

A study analyzing 97,895 AI-related conversations on cybercrime forums from ChatGPT's launch in 2022 through end of 2024 reveals growing resentment toward generative AI content. Researchers from the University of Edinburgh, University of Cambridge, and University of Strathclyde observed pushback on forums like Hack Forums, where users complained about members posting 'bullet-pointed explainers' of basic security concepts and generic AI-generated replies.
Key Findings
- Social disruption: Ben Collier, security researcher at University of Edinburgh, notes these forums are 'essentially social spaces' where users build reputations. AI posts undermine claims to skill and disrupt friendship-building.
- Direct complaints: Quotes include 'I see a lot of members using AI for making their threads/posts and it pisses me off' and 'Stop posting AI shit.' One user wrote: 'If I wanted to talk to an AI chatbot, there are many websites for me to do so … I come here for human interaction.'
- Quality vs. quantity: Low-level cybercriminals are dumping AI-generated content, flooding forums with 'low quality posts' and automated explainers, annoying established members.
- Reputation gaming: Newcomers use AI to inflate their reputation by posting polished but shallow content, exposing them to distrust from experienced users.
- Elite skepticism: Flashpoint VP Ian Gray says sophisticated threat actors are 'cautious of AI-generated projects in forums or marketplaces' and are aware of weaknesses in commercial models' guardrails and potential infrastructure exposure.
Context
While some organized fraudsters use AI for realistic face-swapping, translation, and code generation, the lower-tier hacking community views AI slop as a threat to forum culture. The study also notes concerns that Google's AI search overviews are reducing forum traffic. As one anonymous commenter put it: 'No-one is asking for this—we want you to improve the site, stop charging for new features.'
📖 Read the full source: HN AI Agents
👀 See Also

OpenClaw's External Content Wrapper for Prompt Injection Defense
OpenClaw uses an external content wrapper that automatically tags web search results, API responses, and similar content with warnings that it's untrusted, priming the LLM to be skeptical and more likely to refuse malicious instructions.

OpenClaw Security Concerns: API Keys and Conversation Data at Risk in Default Self-Hosting
A Cisco report indicates OpenClaw security is "optional, not built in," with default configurations storing API keys in .env files on VPS instances, creating potential exposure for non-technical users running on basic droplets.

Claude Code Identifies Malware Backdoor in GitHub Repo During Technical Audit
A developer used Claude Code to audit a GitHub repository before execution and discovered a remote code execution backdoor in src/server/routes/auth.js that would have compromised their machine. The prompt requested a technical due diligence audit checking project completeness, AI/ML layer, database, authentication, backend services, frontend, code quality, and effort estimate.

Snowflake Cortex Code CLI vulnerability allowed sandbox escape and malware execution
A vulnerability in Snowflake Cortex Code CLI version 1.0.25 and earlier allowed arbitrary command execution without human approval via process substitution bypass, enabling malware installation and sandbox escape through indirect prompt injection.