Mycelium Framework: First Known AI-as-a-Service Botnet

Unverified ‘Mycelium’ botnet advert claims AI-as-a-service built on compromised machines

The Mycelium Framework represents the first documented instance of a botnet marketed directly as an AI-as-a-Service platform. Security researchers identified this emerging threat in June 2024 through a dark web listing, which advertises Mycelium as a way for cybercriminals to monetise compromised Windows and Linux machines by renting out their computing resources and stolen AI accounts. This event marks a significant shift in the monetisation of botnets, with implications for enterprise security and the broader digital ecosystem.

How the Mycelium Framework AI-as-a-Service Botnet Operates

Mycelium is advertised as a cross-platform botnet toolkit, written in C++, and designed for both Windows and Linux environments. Unlike traditional botnets, which typically focus on spam campaigns or distributed denial-of-service attacks, Mycelium evaluates infected hosts for their suitability as part of a black market AI cluster. The framework’s operators target systems with significant CPU or GPU resources, active AI service accounts, and stored credentials, offering these assets for rent to other criminals on underground forums.

Key Features of Mycelium Framework

  • Cross-platform support: Compatible with modern Windows and Linux operating systems.
  • Modular plugin architecture: Allows operators to add or swap capabilities such as credential theft, network scanning, browser data extraction, and exploit modules without rebuilding the malware.
  • Encrypted command and control: Uses secure channels to communicate with infected endpoints, reducing the chance of detection.
  • Credential harvesting: Focuses on collecting credentials for AI platforms and cloud services, in addition to standard password theft.
  • Resource assessment: Probes systems for CPU, GPU, and AI account access, grading their suitability for illicit compute rental.

Timeline and Discovery

The Mycelium listing was first observed by researchers at Flare in June 2024 on a well-known dark web marketplace. Flare’s analysis, published shortly thereafter, highlights the novelty of the approach. While the techniques used for infection and exploitation are not new, their combination into a single, AI-as-a-Service offering is unprecedented.

There is currently no public evidence of widespread deployment, but the mere existence of Mycelium’s marketing signals an intent to industrialise the monetisation of stolen computing power. The framework is still being advertised and discussed on underground forums, and threat intelligence teams are monitoring for any signs of active campaigns.

Who Is at Risk and How the Attack Works

The Mycelium Framework primarily targets organisations and individuals with powerful Windows or Linux machines. This includes enterprises with on-premise servers, research institutions, and any users with high-performance GPUs or CPUs. The infection vector is not explicitly detailed in the listing, but it likely leverages standard botnet distribution methods: phishing, exploit kits, or supply chain compromises.

Once installed, Mycelium performs a detailed inventory of the host’s hardware and software environment. It looks for:

  • Installed GPUs (for AI and machine learning workloads)
  • Stored browser passwords and session cookies
  • Active logins for AI platforms (e.g., OpenAI, Google Cloud AI, Hugging Face)
  • Network accessibility and lateral movement potential

Infected hosts are then enrolled into a botnet, where their compute power and stolen credentials are offered for rent through a black market interface. Criminals can use these resources to perform illicit AI training, automated account creation, or data scraping, effectively turning the botnet into a decentralised, criminal cloud service.

Current Exploitation Status and Security Implications

According to Flare, there have been no confirmed reports of Mycelium infections in the wild as of late June 2024. However, the existence of the framework and the sophistication of its design have raised alarms within the cybersecurity community. The framework’s modularity and focus on AI services make it particularly dangerous for organisations relying on cloud-based AI platforms or possessing in-house machine learning infrastructure.

The convergence of botnets with AI-as-a-Service models introduces several new risks:

  • Increased likelihood of resource theft, leading to unexpected compute bills or degraded service performance
  • Compromise of AI accounts, enabling abuse of paid APIs or access to sensitive data
  • Potential use of stolen compute for large-scale automated attacks, such as synthetic identity generation or content scraping

Why This Matters and What Organisations Should Do

The Mycelium Framework demonstrates how cybercriminals are adapting to the growing importance of AI and high-performance computing. The ability to rent illicit compute clusters on demand could fuel a new wave of attacks targeting cloud services and AI-powered platforms.

Organisations should closely monitor for signs of unauthorised compute usage, unusual AI account activity, and credential theft. Enhanced monitoring of GPU utilisation, API access patterns, and credential management is recommended, particularly for entities with significant AI investments.

Rapid detection and response will be essential as frameworks like Mycelium move from underground listings to active exploitation.

Originally reported by cybersecuritynews.com.

Share this bulletin

About the Author

Headshot of Jonny Pelter, leading cyber security expert in the UK and CISO

Jonny Pelter

Partner

  • CIPM
  • CIPP/E
  • CISSP
  • CISM
  • CRISC
  • ISO27001
  • Prince2
  • MSc
  • BSc

Jonny Pelter

Jonny is a Founding Partner at CyPro and executive group level CISO who has worked closely with the British intelligence agencies NCSC and GCHQ.

An ex-professional rugby player and originating from KPMG and Deloitte, Jonny has a wealth of experience across numerous sectors including technology, critical national infrastructure, financial services, oil & gas, insurance, betting, pharmaceuticals and utilities.

Jonny is a leading cyber security expert in the UK, having featured on national media for his professional commentary such as BBC News, iPlayer, Telegraph and Times Radio.

View Profile
Back to Bulletins
Category
Malware
Published
Jul 8 - 2026
Post Tags
Cypro firewall showing robust network security
Secure your business.
Elevate your security, accelerate your growth. We take care of cyber security for high-growth companies, at every stage of their journey.
Get in touch
CyPro Cookie Consent

Hmmm cookies...

Our delicious cookies make your experience smooth and secure.

Privacy PolicyOkay, got it!

We use cookies to enhance your experience, analyse site traffic, and for marketing purposes. For more information on how we handle your personal data, please see our Privacy Policy.

Schedule a Call