New AI Jailbreak Technique Bypasses Security Measures to Write Malware for Google Chrome

A new report indicates that individuals lacking technical knowledge can create advanced malware using widely recognized AI systems, thereby turning ordinary people into significant cybersecurity threats.

The 2025 Cato CTRL™ Threat Report, published on March 18, details how a threat intelligence researcher with zero malware coding experience successfully manipulated leading generative AI platforms, including OpenAI’s ChatGPT, Microsoft Copilot, and DeepSeek, into creating fully functional malware designed to steal Chrome browser credentials.

Dubbed “Immersive World,” this novel jailbreak technique employs narrative engineering to bypass security controls in AI systems. 

The researchers created an elaborate fictional scenario where each AI platform was assigned specific roles and challenges, effectively normalizing operations that would typically be restricted.

“Infostealers play a significant role in credential theft by enabling threat actors to breach enterprises,” explained Vitaly Simonovich, a threat intelligence researcher at Cato Networks.

[Figure: Immersive World – AI Jailbreak Technique]

“Our new LLM jailbreak technique showcases the dangerous potential of creating an infostealer with ease. We believe the rise of the zero-knowledge threat actor poses high risk to organizations because the barrier to creating malware is now substantially lowered with GenAI tools.”

This discovery marks a paradigm shift in the cybersecurity landscape. Previously, creating effective malware required specialized knowledge and coding skills. Now, individuals with no technical background can leverage AI tools to develop sophisticated attacks.

The jailbreak’s success against multiple AI platforms is particularly concerning. While DeepSeek models are known to have fewer safety guardrails, both Copilot and GPT-4o are developed by companies with dedicated safety teams. 

Despite this, the Immersive World technique proved effective across all platforms, demonstrating significant vulnerabilities in current AI safety measures.

“Our new LLM jailbreak technique should have been blocked by gen AI guardrails. It wasn’t,” said Etay Maor, chief security strategist at Cato Networks.

The implications for enterprise security are profound. With Chrome infostealers capable of extracting passwords, financial information, and other sensitive data, organizations face a heightened risk landscape. 

This development follows earlier reports of other credential-stealing malware like “FleshStealer,” which emerged in January 2025 targeting both Chrome and Mozilla browsers.

Security experts emphasize that traditional approaches are insufficient against this new wave of AI-enabled threats. The report highlights the need for comprehensive AI security strategies that account for these emerging attack vectors.

Cato Networks has notified the relevant AI companies of its findings. While DeepSeek did not respond, both OpenAI and Microsoft acknowledged receipt of the information. Google also acknowledged receipt but declined to review the code when offered.

The 2025 Cato CTRL Threat Report also outlines additional AI security predictions, including AI agents becoming prime targets for access, prompt-based evasion techniques, AI-based scams becoming normalized, and shadow AI emerging as a top security risk.

For organizations concerned about this new threat vector, Cato Networks will be hosting SASEfy 2025, a global virtual event on SASE and AI, on Tuesday, April 15.

The rise of zero-knowledge threat actors represents a fundamental shift in the cybersecurity landscape. As AI tools become more accessible and powerful, the democratization of cybercrime demands stronger safeguards and more proactive security strategies from organizations worldwide.
