PALO Alto Networks' Unit 42 identified TuxBot v3, a new IoT botnet framework that utilizes AI for code development. Notably, the large language model (LLM) used by the developer left its safety disclaimers in the code, which is present in all sixty-one C source files. Despite some functionality—like scanning and brute-forcing Telnet with 1,496 credential pairs—many bugs were attributed to the LLM, including failures in the command and control (C2) authentication module.
The botnet framework supports multiple architectures and incorporates a command-and-control server for DDoS operations. The botnet's flaws highlight risks associated with AI in coding, as generated code, though clean in appearance, contains significant vulnerabilities. Investigation into the developer's background revealed connections to infrastructure linked to Iranian entities.