The Pulling of Mythos Offline: Why AI KYC Will Fail to Stop Cybercriminals


The sudden U.S. government export controls pulling Fable 5 and Mythos 5 offline are already driving a significant surge in the cybercrime underground. To comply with these new restrictions on foreign access, frontier AI labs are expected to implement financial-grade Know Your Customer (KYC) identity verification.

Anthropic announcement restricting Mythos and Fable
Anthropic’s official announcement detailing the restriction of the Mythos and Fable frontier models due to recent regulatory mandates.

This regulatory shift creates an immediate, highly profitable monetization vector for darknet vendors. Threat actors have spent years refining methods to bypass bank-level identity checks using synthetic identities and mule accounts, and they are already adapting these frameworks to target AI platforms. The cryptocurrency ecosystem serves as a direct and undeniable precedent for this failure. For years, crypto exchanges have attempted to gatekeep access using strict KYC and AML procedures, only to face relentless circumvention from dedicated cybercriminal operations.

ZachXBT discussing the failure of KYC
Prominent blockchain investigator ZachXBT highlighting the systemic failure of KYC procedures in preventing illicit actors from accessing regulated platforms.
ZachXBT providing further evidence on KYC bypasses
Further context from the cryptocurrency sector demonstrating how cybercriminals routinely and easily circumvent stringent identity verification protocols.

A common bypass method relies entirely on existing infostealer malware infrastructure. Compromised logs from infostealers like Lumma, Vidar, and RedLine regularly capture active session tokens, cookies, and saved credentials for vital infrastructure platforms, including Claude.ai and OpenAI. An adversary in a restricted jurisdiction can purchase these stolen logs from underground shops for nominal fees. Importing these valid cookies allows them to hijack a legitimate user’s active session, entirely evading the platform’s onboarding, KYC, and multifactor authentication checks.

Hudson Rock data on OpenAI compromised credentials
Hudson Rock intelligence showing over 30,000 corporate credentials related to OpenAI harvested from infostealer infections, providing a massive attack surface to bypass identity verifications.
Stolen Claude.ai session cookies from infostealer logs
Active session cookies for Claude.ai retrieved from infostealer logs. Threat actors import these directly into their browsers to execute seamless session hijacks.
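A defender-side check for the session replay described above, added here as an example (it is not Hudson Rock's or any platform's code): it compares each request on a session with the context in which that session was first seen and flags sessions whose country, network and browser all shift, especially when the original client is still active. The log fields, weights, threshold and sample rows are assumptions constructed for illustration; the ASNs are documentation-range values.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real data): one row per authenticated request.
# Fields: ISO timestamp, hashed session id, GeoIP country, ASN, user agent.
EVENTS = [
    ("2025-01-10T09:00:00", "s1", "US", 64496, "Chrome/131 Windows"),
    ("2025-01-10T09:05:00", "s1", "US", 64496, "Chrome/131 Windows"),
    ("2025-01-10T09:07:00", "s1", "XX", 64500, "Chrome/120 Linux"),
    ("2025-01-10T09:09:00", "s1", "US", 64496, "Chrome/131 Windows"),
    ("2025-01-10T10:00:00", "s2", "DE", 64497, "Firefox/133 macOS"),
    ("2025-01-10T10:30:00", "s2", "DE", 64498, "Firefox/133 macOS"),
]

# Assumed weights: a lone ASN change (mobile/Wi-Fi switch) is weak evidence,
# while country plus user-agent changes on one cookie are strong evidence.
WEIGHTS = {"country": 2, "asn": 1, "user_agent": 2}
THRESHOLD = 3  # assumption: tune against your own traffic


def detect_replay(events):
    """Return {session_id: finding} for sessions that drift from their first-seen context."""
    by_session = defaultdict(list)
    for ts, sid, country, asn, ua in sorted(events):
        ctx = {"country": country, "asn": asn, "user_agent": ua}
        by_session[sid].append((datetime.fromisoformat(ts), ctx))

    findings = {}
    for sid, rows in by_session.items():
        baseline = rows[0][1]  # context when the session was first seen
        drifted_at, drift_fields, interleaved = None, [], False
        for ts, ctx in rows[1:]:
            changed = [k for k in WEIGHTS if ctx[k] != baseline[k]]
            score = sum(WEIGHTS[k] for k in changed)
            if score >= THRESHOLD and drifted_at is None:
                drifted_at, drift_fields = ts, changed
            elif drifted_at and not changed:
                # Baseline client seen again after the drift: two holders of one cookie.
                interleaved = True
        if drifted_at:
            findings[sid] = {"first_seen": drifted_at, "changed": drift_fields,
                             "concurrent_use": interleaved}
    return findings


if __name__ == "__main__":
    for sid, finding in detect_replay(EVENTS).items():
        print(sid, finding)
```

A finding with `concurrent_use` set is the case to act on first: revoke the session server-side and require re-authentication, since the cookie is valid and no login or MFA event will appear for the second client.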

Beyond session hijacking via infostealer infections, the darknet already hosts a mature, structured market for pre-verified accounts and identity manipulation services. Threat actors actively trade bypassed accounts on dedicated cybercrime forums, treating access to restricted models as a standard, highly liquid commodity. Initial access brokers simply create the accounts using illicit methods and sell the login details to buyers globally.

Cybercrime forum thread selling verified AI accounts
Threat actors on a popular cybercrime forum actively selling pre-verified AI platform accounts to buyers looking to bypass geographic or identity restrictions.
Another forum thread offering bypassed AI access
The booming underground market specifically catering to bypassed and fully verified access for otherwise restricted AI infrastructure.

When basic mule accounts are insufficient, cybercriminals turn to advanced synthetic identity fraud. The underground economy offers specialized services for deepfake generation and real-time voice manipulation specifically engineered to defeat biometric liveness checks – the very checks frontier AI labs will rely upon to enforce border restrictions.

Hackers bypassing KYC using deepfakes
Cybercriminals demonstrating the successful use of AI-generated deepfakes to bypass live biometric face-scanning procedures used by KYC providers.
Underground services for deepfake and voice manipulation
Dedicated underground services offering sophisticated voice manipulation and deepfake generation explicitly designed to defeat AML and KYC protocols.

Coupled with the widespread availability of stolen passports, driver’s licenses, and government identification documents, bad actors possess a complete, inexpensive toolkit to fabricate verified identities on demand. The infrastructure to bypass these impending AI restrictions is already built, tested, and highly profitable.

Hackers selling passports for identity fraud
The illicit trade of physical and digital identification documents, including passports, which form the baseline requirements for bypassing strict onboarding procedures.

Mandating identity verification forces AI research organizations to collect and store massive volumes of sensitive personal documentation, including passports and biometrics. These databases represent high-value targets for network intrusions. When these repositories are inevitably breached, the stolen data will be funneled directly back into the cybercrime ecosystem, providing the exact credentials needed to fuel further identity fraud and access bypasses.

To learn more about how Hudson Rock protects companies from imminent intrusions caused by info-stealer infections of employees, partners, and users, as well as how we enrich existing cybersecurity solutions with our cybercrime intelligence API, please schedule a call with us, here:

https://www.hudsonrock.com/schedule-demo

We also provide access to various free cybercrime intelligence tools that you can find here:

www.hudsonrock.com/free-tools

Thanks for reading, Rock Hudson Rock!

Follow us on LinkedIn: https://www.linkedin.com/company/hudson-rock
Follow us on Twitter: https://www.twitter.com/RockHudsonRock
