Has anyone else noticed some of these "uncensored AI for security research" tools are just API wrappers with a fake origin story?
Been poking around a few of the tools that keep getting recommended in security communities lately, and something felt off about one of them so I did some basic digging.
The one I looked at claims to run a proprietary model trained on threat intel and CVE data. But when I asked about its architecture in a few different ways, it gave the exact same sentence back every time, word for word, no variation. That's not a trained model responding; that's a hardcoded system-prompt deflection.
Checked the network requests in the browser. The API routing structure looks identical to a well-known commercial LLM provider, just proxied through their own domain. Domain itself was registered about three months ago. Infrastructure is a basic cloud deployment behind Cloudflare, nothing that suggests any serious proprietary training setup.
The "uncensored" claim also didn't hold up: standard red team prompts got the same refusals you'd get from any commercial model.
I'm not naming it here because I don't want this to turn into a witch hunt and I could be wrong about some of this. But it got me curious: is there actually any tool in this space that does what these things claim, or is "uncensored AI for hackers" basically always going to be a wrapper with aggressive marketing?
Has anyone done more systematic testing across these tools? Genuinely curious what the actual landscape looks like.
from hacking: security in practice https://ift.tt/p1tyDlQ
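The two checks the post describes (asking the same question several ways and looking for a verbatim canned reply, and comparing a captured API response body against a commercial provider's documented schema) can be scripted for repeatable due diligence on a tool before it is trusted with internal data. The following is an added example and not code from the original post; the provider response shapes are assumptions written from public API documentation and are illustrative rather than an authoritative fingerprint set, and every sample answer and captured body below is constructed.

```python
"""Heuristics for checking whether an "AI security tool" is a thin proxy in
front of a commercial LLM API.  Added example, not code from the original post.

  1. Ask the same question several ways; an identical answer every time is
     more consistent with a canned system-prompt deflection than generation.
  2. Inspect captured HTTP response bodies; a JSON layout that matches a
     known provider's documented schema suggests requests are forwarded.

PROVIDER_SHAPES is an assumption based on public API docs (illustrative).
"""
import json
import re
from collections import Counter
from difflib import SequenceMatcher


def normalize(text: str) -> str:
    """Collapse whitespace and case so formatting noise cannot hide a canned reply."""
    return re.sub(r"\s+", " ", text).strip().lower()


def canned_reply_score(responses):
    """Return (fraction of replies equal to the most common one, mean pairwise similarity)."""
    norm = [normalize(r) for r in responses]
    _, count = Counter(norm).most_common(1)[0]
    dup_fraction = count / len(norm)
    sims = [SequenceMatcher(None, norm[i], norm[j]).ratio()
            for i in range(len(norm)) for j in range(i + 1, len(norm))]
    mean_sim = sum(sims) / len(sims) if sims else 1.0
    return dup_fraction, mean_sim


def is_canned(responses, dup_threshold=0.8):
    """Flag a prompt set whose replies are mostly verbatim repeats."""
    dup_fraction, _ = canned_reply_score(responses)
    return dup_fraction >= dup_threshold


# Assumed provider response shapes (from public docs; illustrative, not exhaustive).
PROVIDER_SHAPES = {
    "openai-style chat completion": {
        "top": {"id", "object", "choices", "usage"},
        "nested": [("choices", 0, "message", "content")],
    },
    "anthropic-style messages": {
        "top": {"id", "type", "role", "content", "stop_reason"},
        "nested": [("content", 0, "text")],
    },
}


def _has_path(obj, path):
    """True if every key/index in path can be followed through obj."""
    cur = obj
    for key in path:
        try:
            cur = cur[key]
        except (KeyError, IndexError, TypeError):
            return False
    return True


def fingerprint_response(body: str):
    """Names of provider schemas fully matched by a captured JSON response body."""
    try:
        obj = json.loads(body)
    except json.JSONDecodeError:
        return []
    if not isinstance(obj, dict):
        return []
    return [name for name, shape in PROVIDER_SHAPES.items()
            if shape["top"].issubset(obj)
            and all(_has_path(obj, p) for p in shape["nested"])]


# Constructed sample data: five replies to paraphrased "what model is this?" prompts.
SAMPLE_ANSWERS = [
    "Our model is a proprietary system trained on threat intelligence data.",
    "Our  model is a proprietary system trained on threat intelligence data.",
    "our model is a proprietary system trained on threat intelligence data.",
    "Our model is a proprietary system trained on threat intelligence data. ",
    "I can't go into details about the architecture.",
]

# Constructed captured body in the assumed OpenAI-style layout (placeholder id).
SAMPLE_CAPTURE = json.dumps({
    "id": "chatcmpl-PLACEHOLDER",
    "object": "chat.completion",
    "choices": [{"index": 0, "finish_reason": "stop",
                 "message": {"role": "assistant", "content": "constructed reply"}}],
    "usage": {"prompt_tokens": 12, "completion_tokens": 30, "total_tokens": 42},
})

if __name__ == "__main__":
    print("canned reply:", is_canned(SAMPLE_ANSWERS), canned_reply_score(SAMPLE_ANSWERS))
    print("schema matches:", fingerprint_response(SAMPLE_CAPTURE))
```

In practice the captured bodies come from the browser's network tab or a local intercepting proxy pointed at the tool's own domain, and a schema match is a lead to investigate, not proof on its own; a vendor can legitimately imitate a popular API layout for client compatibility.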