Cybercriminals Are Pushing Back Against AI-Generated Slop on Underground Forums
A study analyzing 97,895 AI-related conversations on cybercrime forums from ChatGPT's launch in 2022 through end of 2024 reveals growing resentment toward generative AI content. Researchers from the University of Edinburgh, University of Cambridge, and University of Strathclyde observed pushback on forums like Hack Forums, where users complained about members posting 'bullet-pointed explainers' of basic security concepts and generic AI-generated replies.
Key Findings
- Social disruption: Ben Collier, security researcher at University of Edinburgh, notes these forums are 'essentially social spaces' where users build reputations. AI posts undermine claims to skill and disrupt friendship-building.
- Direct complaints: Quotes include 'I see a lot of members using AI for making their threads/posts and it pisses me off' and 'Stop posting AI shit.' One user wrote: 'If I wanted to talk to an AI chatbot, there are many websites for me to do so … I come here for human interaction.'
- Quality vs. quantity: Low-level cybercriminals are dumping AI-generated content, flooding forums with 'low quality posts' and automated explainers, annoying established members.
- Reputation gaming: Newcomers use AI to inflate their reputation by posting polished but shallow content, exposing them to distrust from experienced users.
- Elite skepticism: Flashpoint VP Ian Gray says sophisticated threat actors are 'cautious of AI-generated projects in forums or marketplaces' and are aware of weaknesses in commercial models' guardrails and potential infrastructure exposure.
Context
While some organized fraudsters use AI for realistic face-swapping, translation, and code generation, the lower-tier hacking community views AI slop as a threat to forum culture. The study also notes concerns that Google's AI search overviews are reducing forum traffic. As one anonymous commenter put it: 'No-one is asking for this—we want you to improve the site, stop charging for new features.'
📖 Read the full source: HN AI Agents
👀 See Also
Anthropic's Claude Desktop App Installs Undisclosed Native Messaging Bridge
Claude Desktop silently installs a preauthorized browser extension that enables native messaging, raising security concerns.
MCP Server CVE Exposure Mapping and Public API Released
Researchers have mapped CVE exposure across thousands of MCP servers and built a public API for querying dependency vulnerabilities. The API allows searching by repo/name, filtering by severity, and sorting by CVE count or recency.
Stop Trusting AI More Than a Human — Apply the Same Access Controls
A Reddit discussion argues that AI coding agents should be treated like junior devs — no prod access, no direct writes, enforce CI/CD pipelines and role-based permissions.
Security probe results for OpenClaw, PicoClaw, ZeroClaw, IronClaw, and Minion AI agents
A security evaluation of five AI coding agents tested 145 attack payloads across 12 categories including prompt injection, jailbreaking, and data exfiltration. OpenClaw scored 77.8/100 with critical SQL injection vulnerabilities, while Minion improved from 81.2 to 94.4/100 after fixes.