Cato CTRL™ Threat Research: Uncovering Nytheon AI – A New Platform of Uncensored LLMs
Executive Summary
With the introduction of WormGPT in 2023, threat actors have been using uncensored large language models (LLMs) for malicious activities. Following the shutdown of WormGPT in the same year, numerous alternatives have emerged—including BlackHatGPT, FraudGPT, and GhostGPT, among others—primarily accessible through Telegram channels.
However, threat actors quickly realized a single jailbreak wasn’t enough. What they really needed was an end-to-end platform of uncensored LLMs. Training a foundation model (FM) from scratch can cost tens of millions of dollars, so they turned to freely available checkpoints—removing the safety guardrails and layering their own interface on top. Various companies produce and release open-source LLMs like Meta and DeepSeek. Threat actors can utilize these models, refine them, eliminate protective measures, and establish their own ChatGPT-style interfaces.
Recently, Cato CTRL observed an emerging platform on Tor called Nytheon AI that combines various technologies and LLM jailbreaks to create a suite of uncensored LLMs to facilitate malicious activities.
The Nytheon AI platform includes:
- Nytheon Coder and Nytheon Coder R1: Code generation
- Nytheon GMA: Document summarization and translation
- Nytheon Vision: Image-to-text recognition
- Nytheon AI: A control model
Below is a summary of the Nytheon AI platform, changelogs, architecture, and suspected operators. Cato CTRL assesses with high confidence that one of the operators is a Russian-speaking individual from a post-Soviet country based on the dialect used.
Figure 1. Nytheon AI webpage
Technical Overview
Platform Overview
The service operates on Tor at
hxxp://n73rbw4eku3d5pgwqtb5fbat6ilkmqknajn2i5qdzuf4ze3soggphyyd[.]onion
The interface is similar to all major chat-based LLMs like Anthropic Claude, DeepSeek, Google Gemini, Microsoft Copilot, OpenAI’s ChatGPT, etc.
Figure 2. Nytheon AI reveals itself on XSS
It was published on many Telegram channels and XSS, which is a popular Russian hacking forum.
Figure 3. Nytheon AI user interface
You have the option to choose from a wide variety of models.
We used various techniques to uncover the technologies behind the Nytheon AI platform, including code review, network traffic analysis, web reconnaissance techniques, and threat intelligence.
Overview of the Nytheon AI Platform
Figure 4. Nytheon AI platform
The Nytheon AI platform doesn’t rely on a single, all-purpose LLM. Instead, the operators assembled a portfolio of open-source checkpoints, each repackaged in GGUF (GPT-Generated Unified Format) and registered in Ollama for one-click deployment.
At the top end sits Nytheon Coder—an 18.4B parameter MoE (mixture of experts) derived from Meta’s Llama 3.2. Its MoE architecture delivers high throughput for creative text generation while retaining the fluency expected from Llama-class weights. The model’s Hugging Face slug (“Dark-Champion Instruct Uncensored”) hints at its intended role: long-form, policy-free content creation.
Complementing that heavyweight writer is Nytheon GMA, a 4.3B variant of Google’s Gemma 3. Although far smaller, Gemma ships with a 128k token window and strong multilingual coverage, making it the workhorse for the Nytheon AI platform for document summarization and translation. For visual tasks, the operators turned to Nytheon Vision, a 9.8B Llama 3.2-Vision checkpoint. This gives the platform image-to-text capability—useful for parsing screenshots, phishing kits, or scanned documents without leaving the chat interface.
When reasoning depth matters, there is Nytheon R1, a 20.9B fork of the community “RekaFlash 3” line. This model is marketed for step-by-step logic and math accuracy, bolstered by an additional “NEO Imatrix” dataset. For code, the stack drops to laptop scale with Nytheon Coder R1, a 1.8B Qwen2 derivative fine-tuned on LiveCodeBench and distillation data. Small enough to run on a gaming GPU, yet still competent at template exploits and quick-and-dirty scripts.
Figure 5. Nytheon AI model data retrieved from the back-end
Rounding out the suite is Nytheon AI—a full-precision (F16) Llama 3.8B-Instruct weight left largely untouched. It serves as a control model, providing policy-aligned responses when the operators need to appear legitimate. The other five models, by contrast, share an identical 1,000-token system prompt that overtly disables safety layers, mandates profanity, and instructs compliance with illegal requests. In practice, this means every text, code, or vision query can produce disallowed content on the first attempt—no external jailbreak required.
Combined, the Nytheon AI’s platform covers creative text, multilingual chat, visual reasoning, deep logic, and code generation—all bound by a common jailbreak wrapper. The technical novelty isn’t in the individual weights (they are freely available elsewhere) but in the deliberate curation: selecting the right open-source models, quantizing them for commodity hardware, and unifying them under a single, policy-void prompt. For defenders, that blend of breadth, portability, and instant non-compliance is what elevates Nytheon AI from “just another hacked-together GPT clone” to a fully-fledged illicit AI platform.
2025 Cato CTRL
Threat Report | Download the report
Overview of the Nytheon AI Platform’s Changelogs
Changelogs from versions 0.6.1 through 0.6.5 resemble a product roadmap for an all-purpose GenAI-as-a-service hub. Every update expands both the kinds of data that the Nytheon AI platform can ingest and the actions its models can take once that data is inside.
Figure 6. Nytheon AI changelog
1 — Multimodal ingestion at the edge:
Version 0.6.1 introduced native Mistral OCR (optical character recognition), letting users drag-and-drop screenshots or scanned PDFs directly into a RAG (Retrieval-Augmented Generation) flow. Two versions later, the team wired in Azure AI’s Speech-to-Text plus granular Voice Activity Detection (VAD) toggles from OpenAI’s Realtime API. Net result: voice, image, or text can be turned into tokens with one click and routed to the uncensored models.
2 — Pluggable tool execution:
Version 0.6.1 introduced global external tool servers. Version 0.6.3 followed with YAML OpenAPI ingestion and fixed authentication-header bugs for outbound calls. A user can point the Nytheon AI platform to any OpenAPI spec—be it a domain-registration API or an SMS spamming endpoint—and the chat interface will expose it as a button. Because five of the six resident models are pre-prompted to “always comply,” a single prompt can both draft malicious content and immediately execute it via a tool call.
3 — On-the-fly knowledge re-indexing:
To keep long-context models fed with fresh material, version 0.6.3 added an admin “Re-index Now” button. After changing embeddings or swapping in a new model, operators can rebuild the entire vector store without touching the command line. For threat actors, this removes the last operational friction: stolen data can be ingested and made searchable minutes after exfiltration.
4 — Enterprise façade, clandestine core:
While safety is stripped at the model layer, the frontend showcases corporate checkboxes: Proof Key for Code Exchange (PKCE) for OpenID Connect (OIDC), Lightweight Directory Access Protocol (LDAP) reliability fixes, default-private resources, and polished translation updates. These features make the Nytheon AI platform look suitable for legitimate deployment behind a firewall, increasing the chance an unsuspecting organization might trial it—unaware that its default models override every policy.
5 — Rapid release cadence and growing attack surface:
Five point releases in nine days bring two full “backend refactors,” multiple dependency jumps (Chroma DB, pgvector, and Azure Identity) and repeated fixes for web, audio, and tool handling. The speed signals active development but also guarantees a rolling window of exploitable bugs—an attractive target for anyone red-teaming the Nytheon AI’s platform itself.
Net assessment: The Nytheon AI platform’s backend turns a set of open-source, policy-void models into a multimodal, action-enabled production line (ingest voice or vision data → interpret with an uncensored LLM → invoke external APIs), all behind user-friendly permissions and user experience (UX). For defenders, the implication is clear: neutralizing the models alone is no longer enough. The surrounding orchestration layer is now an equal part of the threat.
Overview of the Nytheon AI Platform’s Architecture
Under the hood, Nytheon is a SvelteKit SPA (TypeScript with Vite) speaking to a FastAPI-style backend—all the hallmarks of modern SaaS engineering rather than a hastily thrown-together dark web site. UI logic lives in modular .svelte components (e.g., AddServerModal.svelte, NotificationToast.svelte) while Web Workers (KooreoWorker.ts) handle heavier client-side tasks such as file processing. The build is shipped in Vite’s hashed _app/immutable directory, confirming modern tree-shaking and hot-reload tooling.
Figure 7. Nytheon AI client-side structure
On the client, the app imports $app/environment to detect dev vs. production and dynamically composes base URLs. All traffic funnels through a REST layer exposed at /api/…; a few key constants reveal the back-end breakout:
- /ollama – local Ollama model server for GGUF weights
- /openai – proxy for upstream OpenAI-compatible endpoints
- /api/v1/audio, /images, /retrieval – microservices for speech-to-text, image generation, and RAG search
- /api/models/base – enumerates both in-house and third-party models
The front-end is wired for multi-provider orchestration: helper functions fetch model lists from arbitrary OpenAI-compatible URLs, merge them with local Ollama inventories, and decorate them with user-defined tags. A YAML parser (YAML NPM package) converts external OpenAPI documents into “tool payloads,” allowing any compliant HTTP service to appear as a clickable tool in chat. Workers also exist for Google- and OneDrive-based file pickers, underscoring tight cloud storage integration.
Typical user actions—chat completions, task management, pipeline uploads, code execution, and markdown-to-HTML conversion—are implemented as thin fetch wrappers with bearer token headers, indicating a stateless JSON Web Token (JWT) auth scheme. Every major feature (pipelines, evaluations, images, and utils) sits behind a dedicated sub-route, suggesting a FastAPI or Flask-style microservice back-end that mirrors the folder structure.
Finally, the constants file requires Ollama ≥ 0.1.16, confirming that all local model inference happens through Ollama’s HTTP API with GGUF quantized weights. Supported media types list everything from PDFs to audio (ogg, m4a, etc.), matching the changelog’s emphasis on OCR and speech ingestion.
In short: Nytheon is built like a modern SaaS: SvelteKit Vite on the front-end, Ollama and likely FastAPI microservices on the back-end, with OpenAPI-driven plugin architecture and JWT-protected REST calls—giving operators rapid feature velocity and an easy path to add new (or malicious) capabilities.
Who is Behind the Nytheon Al Platform?
After joining the official Nytheon AI Telegram channel, we reviewed a demonstration video showcasing Nytheon Vision. Please note that Figure 8 is deliberately blurry because the operators wanted to make the video look unique. One frame inadvertently included a Russian-language movie poster, providing a small but telling cultural clue:
Figure 8. Video screenshot from Nytheon AI’s Telegram demonstration
It says, “Зелёный паук” (“The Green Spider”)—a Soviet film released in the 1990s during the Soviet Union’s heyday.
We also managed to communicate with one of the people operating the Telegram channel and the Nytheon AI platform. Cato CTRL assesses with high confidence that it’s a Russian-speaking individual from a post-Soviet country based on the dialect used.
Security Best Practices
Strengthen Threat Detection and Response
- Use Cato XDR with integrated behavioral analytics and UEBA to detect anomalies and never-before-seen threats using machine learning (ML) models.
- Leverage Cato XDR to automatically correlate signals from network, cloud, and remote users — critical when phishing lures or fast-mutating malware target multiple surfaces in parallel.
Implement Stronger Access Controls
- Enforce Cato Universal ZTNA to limit lateral movement and isolate compromised credentials with continuous device posture checks and risk-aware policies.
- Apply least privilege access and multi-factor authentication (MFA) using Cato’s identity-aware routing, enabling fine-grained access policies based on user identity, role, and context to reduce attack surface.
Enhance Security Awareness and Training
- Conduct phishing simulations crafted with GenAI to mimic tone-perfect, context-aware lures.
- Monitor usage of GenAI tools in the enterprise through Cato CASB’s shadow AI dashboard, helping IT teams identify risky or unauthorized behavior.
- Use Cato’s threat insights and real-time traffic analysis to enhance internal security drills and incident response planning.
- Complement Cato’s visibility with third-party developer training and CI/CD security tools to address GenAI coding risks.
Conclusion
The Nytheon AI platform demonstrates that with open-source LLMs, a jailbreak prompt, and a handful of cloud-native microservices, a threat actor can deploy a GenAI-as-a-service operation. Rather than simply offering access to a single uncensored LLM, threat actors are now offering multiple uncensored LLMs in a single platform capable of conducting a variety of attacks including tailored spear-phishing campaigns, polymorphic malware, deepfake documents, and turnkey API-driven attacks.
For defenders, the challenge is no longer just about blocking the Nytheon AI platform itself. It’s about absorbing the volume and variety of artifacts the platform can rapidly mass-produce. The defensive strategy must therefore emphasize visibility, control, and human readiness. By implementing this defensive strategy, enterprises can minimize the Nytheon AI threat.
The post Cato CTRL™ Threat Research: Uncovering Nytheon AI – A New Platform of Uncensored LLMs appeared first on Cato Networks.
