
The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.
Cybersecurity researchers identified TuxBot v3 Evolution, an IoT botnet framework developed with large language model (LLM) assistance. The AI-generated code enabled the botnet to hijack devices and launch DDoS attacks, causing harm to property and communities. Despite bugs and disclaimers, the botnet is actively deployed and operational.[AI generated]
Why's our monitor labelling this an incident or hazard?
The event involves an AI system (an LLM) explicitly used in the development of a malicious IoT botnet framework. The botnet is operational and actively infecting devices, enabling harmful activities such as DDoS attacks and unauthorized access, which constitute harm to property and communities. The AI system's involvement in generating code that forms the botnet framework is a direct contributing factor to the harm caused. Although some bugs exist due to AI-generated code, the botnet is functional and deployed, with evidence of ongoing infections and active C2 infrastructure. This meets the criteria for an AI Incident, as the AI system's use has directly led to significant harm. The detailed analysis and mitigation advice do not change the classification, as the primary event is the harmful deployment of an AI-assisted malware framework.[AI generated]