Cybercriminals Are Pushing Back Against AI-Generated Slop on Underground Forums

A study analyzing 97,895 AI-related conversations on cybercrime forums from ChatGPT's launch in 2022 through end of 2024 reveals growing resentment toward generative AI content. Researchers from the University of Edinburgh, University of Cambridge, and University of Strathclyde observed pushback on forums like Hack Forums, where users complained about members posting 'bullet-pointed explainers' of basic security concepts and generic AI-generated replies.
Key Findings
- Social disruption: Ben Collier, security researcher at University of Edinburgh, notes these forums are 'essentially social spaces' where users build reputations. AI posts undermine claims to skill and disrupt friendship-building.
- Direct complaints: Quotes include 'I see a lot of members using AI for making their threads/posts and it pisses me off' and 'Stop posting AI shit.' One user wrote: 'If I wanted to talk to an AI chatbot, there are many websites for me to do so … I come here for human interaction.'
- Quality vs. quantity: Low-level cybercriminals are dumping AI-generated content, flooding forums with 'low quality posts' and automated explainers, annoying established members.
- Reputation gaming: Newcomers use AI to inflate their reputation by posting polished but shallow content, exposing them to distrust from experienced users.
- Elite skepticism: Flashpoint VP Ian Gray says sophisticated threat actors are 'cautious of AI-generated projects in forums or marketplaces' and are aware of weaknesses in commercial models' guardrails and potential infrastructure exposure.
Context
While some organized fraudsters use AI for realistic face-swapping, translation, and code generation, the lower-tier hacking community views AI slop as a threat to forum culture. The study also notes concerns that Google's AI search overviews are reducing forum traffic. As one anonymous commenter put it: 'No-one is asking for this—we want you to improve the site, stop charging for new features.'
📖 Read the full source: HN AI Agents
👀 See Also

Open Source AI Tools Pose Security Risks Through 'Illusory Security Through Transparency'
A Reddit post warns about malware disguised as open-source AI agents and tools, where malicious code can be hidden in large codebases that users assume are safe because they're on GitHub. The post describes how 'vibe-coding' and autonomous AI agents condition users to run unknown programs without review.

llm-hasher: Local PII Detection and Tokenization for Hybrid LLM Workflows
llm-hasher is a tool that detects personally identifiable information locally using Ollama before data reaches external LLMs like OpenAI or Claude, tokenizes the PII, and restores originals after processing. It uses regex for structured data types and a local LLM for contextual detection, with encrypted storage for mappings.

OpenClaw Security Audit Command Prompts Plain-English Vulnerability Reports
A Reddit user shared a prompt for the OpenClaw CLI that runs a deep security audit and outputs findings in plain English, specifying what's exposed, severity scores, and exact config fixes.

Local Model Prompt Injection Scanner for AI Skills Security
A proof-of-concept tool scans third-party AI skills for hidden bash command injections using a local non-tool-calling model like mistral-small:latest on Ollama, addressing security vulnerabilities in Claude Code's ! operator feature.