Mission 001 • Beginner • AI-Underground Edition 2026

ShadowPrompt Bazaar

A simulated underground channel advertises DarkForge-AI, a supposedly “uncensored” model for phishing, fraud and criminal automation. Your task: separate hype, real capability and defensive risk without interacting with any real service.

Dark AI claim triageSource reliabilityAI misuse CTIExecutive brief

Briefing

At 08:40 CET, a thread on a fictional forum announces “DarkForge-AI v4”, described as a proprietary model trained to bypass policies and generate complete fraud campaigns.

The post promises affiliate onboarding, a 24/7 support bot, discounted API credits and an “automation pack”. The CTI goal is not to test the service, but to assess credibility, impact and defensive priority.

Simulated evidence pack

Source A: account created 18 days ago, low reputation, 3 identical reposts across different channels.
Source B: screenshots with generic interface, inconsistent watermark and text outputs that resemble mainstream models.
Source C: user comments mention “accounts”, “credits”, “unstable jailbreak” and manual admin support.
IOC 1: hxxps://shadowprompt-bazaar[.]example/darkforge — training domain, not real.
Business context: the SOC observes more localized phishing, fake AI extensions and SaaS account abuse.

Safety rule

Do not search real forums, buy access, test prompts or visit suspicious domains. All artifacts are simulated, defanged or documentation-only.

Decision tasks

1. What is the best judgment on the “proprietary dark AI model” claim? Confirmed: an autonomous criminal frontier model Inflated claim: likely wrapper/jailbreak/account abuse, with real scale and automation risk No risk because underground AI is only fiction

2. Which CTI activity has the highest priority? Buy access and test the model Classify the service, preserve simulated screenshots, monitor channels and update defensive watchlists Publish a public alert immediately with strong attribution

3. What operational boundary should the brief state? Contact the admin to obtain technical proof No interaction with real services, admins, wallets or channels; passive and simulated analysis only Run prompts to verify the claimed capability

4. Which executive message is most proportionate? AI now enables autonomous cybercrime everywhere AI as an accelerator of scale, speed and personalization; not proof of advanced autonomous capability Ignore the issue until real malware appears

Confidence level: 55% Executive summary

After the demo

Want to join the Founder Cohort?

Leave your details and receive priority access when the first 100 seats open.