Elon Musk Reportedly Shared an AI-Genera…

BackAkiraBot Reportedly Used OpenAI to Spam Website Chats and Contact Forms at Scale

AkiraBot Reportedly Used OpenAI to Spam Website Chats and Contact Forms at Scale

Sep 1, 20241 reportSeverity: MinorHigh confidence

AkiraBot, a sophisticated Python framework, used OpenAI's GPT-4o-mini model to generate customized spam messages and targeted over 400,000 websites' contact forms and chat widgets to promote dubious SEO services, successfully spamming at least 80,000 websites since September 2024.

AkiraBot is a Python-based spam framework that has been active since September 2024, targeting small to medium-sized business websites built on platforms like Shopify, GoDaddy, Wix, and Squarespace. The bot uses OpenAI's GPT-4o-mini model with hardcoded API keys to generate customized spam messages that promote low-quality SEO services under the 'Akira' and 'ServiceWrap' brands. The system scrapes website content using BeautifulSoup and feeds it to the AI model with the prompt 'You are a helpful assistant that generates marketing messages' to create tailored outreach messages that appear legitimate and bypass spam filters. SentinelLABS analysis revealed that AkiraBot targeted more than 400,000 websites and successfully spammed at least 80,000 websites. The framework employs sophisticated evasion techniques including multiple CAPTCHA bypass mechanisms using services like Capsolver, FastCaptcha, and NextCaptcha, browser fingerprint spoofing through inject.js scripts, and proxy rotation via SmartProxy service. The bot targets both website contact forms and live chat widgets, including Reamaze integrations, operating through a GUI that allows concurrent multi-threaded attacks. OpenAI's security team collaborated with the investigation and disabled the associated API keys upon learning of the misuse.

Domain classification, causal taxonomy, severity scores, and national security assessments were LLM-classified and may contain errors.

Risk Domain

4Malicious Actors & Misuse

4.3Fraud, scams, and targeted manipulation

Using AI systems to gain a personal advantage over others such as through cheating, fraud, scams, blackmail or targeted manipulation of beliefs or behavior. Examples include AI-facilitated plagiarism for research or education, impersonating a trusted or fake individual for illegitimate financial benefit, or creating humiliating or sexual imagery.

Causal Classification

Entity

Human

Due to a decision or action made by humans

Intent

Intentional

Due to an expected outcome from pursuing a goal

Timing

Post-deployment

Occurring after the AI model has been trained and deployed

Harm Severity Assessment

Highest Score:2 — Minor(Toxic or Malicious Content, direct)

National Security Assessment

Overall Score(2/5)

Stakeholders

Developers: Unknown Akirabot Developers, OpenAI
Deployers: Unknown Malicious Actors, Unknown Akirabot Operators
Harmed Parties: Wix Sites, Victims Of Akirabot, Squarespace Sites, Small Business Owners, Shopify Sites, Medium Sized Business Owners, Godaddy Sites, Customers, Business Website Users, Business Owners

AI System Classification

Primary Purpose: Marketing Analytics Generation
Secondary Purpose: Content Generation
EU AI Act Risk Level: 4 Minimal or No Risk
Occurrences: 1

Population Impact

Reportedly Harmed: 80,000
Reportedly Exposed: 400,000

External Links

View on AI Incident Database