securityaffairs.com 7/16/2026, 11:46:18 AM · external

Unit 42 researchers expose AI written TuxBot v3 IoT botnet

Unit 42 researchers expose AI written TuxBot v3 IoT botnet
CyberSIXT Evidence Panel

PALO Alto Networks' Unit 42 identified TuxBot v3, a new IoT botnet framework that utilizes AI for code development. Notably, the large language model (LLM) used by the developer left its safety disclaimers in the code, which is present in all sixty-one C source files. Despite some functionality—like scanning and brute-forcing Telnet with 1,496 credential pairs—many bugs were attributed to the LLM, including failures in the command and control (C2) authentication module.

The botnet framework supports multiple architectures and incorporates a command-and-control server for DDoS operations. The botnet's flaws highlight risks associated with AI in coding, as generated code, though clean in appearance, contains significant vulnerabilities. Investigation into the developer's background revealed connections to infrastructure linked to Iranian entities.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline