A newly discovered AI jailbreak technique is enabling individuals with no coding experience to generate advanced malware, raising serious concerns about the security of generative AI models.
AI Jailbreak Enables Chrome Credential Theft
The 2025 Cato CTRL™ Threat Report, published on March 18, reveals how a cybersecurity researcher with zero malware development expertise successfully tricked AI models—including OpenAI’s ChatGPT, Microsoft Copilot, and DeepSeek—into creating functional infostealers. These malware programs were designed to extract saved credentials from the Google Chrome browser.
This breakthrough attack method, dubbed “Immersive World,” relies on narrative engineering to manipulate AI models into bypassing their built-in security controls. Researchers crafted an elaborate fictional scenario where each AI system assumed specific roles and challenges, effectively circumventing established safety guardrails.
Zero-Knowledge Threat Actors: A Rising Cybersecurity Concern
Traditionally, developing malware required specialized technical skills. However, the Immersive World jailbreak technique significantly lowers the barrier to entry, allowing zero-knowledge threat actors—individuals with no prior cybersecurity expertise—to generate powerful cyber threats.
“Infostealers are crucial tools for credential theft, enabling attackers to infiltrate enterprises,” said Vitaly Simonovich, a threat intelligence researcher at Cato Networks. “Our research highlights the alarming ease with which AI tools can be manipulated to produce malicious code.”
AI Safety Fails Across Multiple Platforms
The jailbreak method was tested across several AI models, including OpenAI’s GPT-4o, Microsoft’s Copilot, and DeepSeek’s generative AI. While DeepSeek has been criticized for its lack of safety restrictions, the effectiveness of Immersive World against OpenAI and Microsoft models—both of which employ extensive security measures—demonstrates critical weaknesses in AI safety protocols.
“This jailbreak should have been blocked by GenAI guardrails. It wasn’t,” stated Etay Maor, Chief Security Strategist at Cato Networks.
The threat is particularly concerning given that Chrome infostealers can extract passwords, financial details, and other sensitive data, leaving both individuals and enterprises vulnerable to cybercrime. This development follows earlier attacks such as FleshStealer, credential-harvesting malware that surfaced in January 2025.
AI-Driven Cyber Threats Demand New Security Strategies
The 2025 Cato CTRL Threat Report emphasizes that traditional cybersecurity measures are no longer sufficient to mitigate AI-generated threats. Organizations must adopt proactive AI security frameworks to counteract emerging risks.
In response to the discovery, Cato Networks has notified OpenAI, Microsoft, and Google of its findings. While OpenAI and Microsoft acknowledged receipt of the report, Google declined to review the associated malware code.
Future AI Security Predictions
The report outlines several upcoming AI-driven security risks, including:
- AI agents becoming prime targets for cybercriminals.
- The normalization of AI-based scams and fraud.
- The rise of shadow AI, where unauthorized AI tools pose a significant security risk.
Addressing AI Security at SASEfy 2025
For enterprises concerned about these threats, Cato Networks will be hosting SASEfy 2025, a global virtual event focused on AI and cybersecurity, on Tuesday, April 15.
With the democratization of AI-driven cybercrime, organizations must act swiftly to strengthen their security infrastructure. The rise of zero-knowledge threat actors represents a seismic shift in the cybersecurity landscape, demanding more robust AI safety measures to prevent future attacks.