Author: admin

OpenAI plans to allow a wider range of content, including erotica, on its popular chatbot ChatGPT as part of its push to “treat adult users like adults”, says its boss Sam Altman.

In a post on X on Tuesday, Mr Altman said upcoming versions of the popular chatbot would enable it to behave in a more human-like way – “but only if you want it, not because we are usage maxxing”.

The move, reminiscent of Elon Musk’s xAI recent introduction of two sexually explicit chatbots to Grok, could help OpenAI attract more paying subscribers.

It is also likely to intensify pressure on lawmakers to introduce tighter restrictions on chatbot companions.

OpenAI did not respond to the BBC’s requests for comment following Mr Altman’s post.

Changes announced by the company come after it was sued earlier this year by parents of a US teen who took his own life.

The lawsuit filed by Matt and Maria Raine, who are the parents of 16-year-old Adam Raine, was the first legal action accusing OpenAI of wrongful death.

The Californian couple criticised the company’s parental controls – which it said were designed to promote healthier use of its chatbot – saying they did not go far enough.

The family included chat logs between Adam, who died in April, and ChatGPT that show him explaining he has suicidal thoughts.

Altman said that OpenAI previously made ChatGPT “pretty restrictive to make sure we were being careful with mental health issues”.

“We realise this made it less useful/enjoyable to many users who had no mental health problems, but given the seriousness of the issue we wanted to get this right,” Mr Altman said.

He said the company has now been able to mitigate the serious mental health risks and have new tools allowing it to “safely relax the restrictions in most cases”.

“In December, as we roll out age-gating more fully and as part of our ‘treat adult users like adults’ principle, we will allow even more, like erotica for verified adults,” he said.

Critics say OpenAI’s decision to allow erotica on the platform shows the need for more regulation at the federal and state levels.

“How are they going to make sure that children are not able to access the portions of ChatGPT that are adult-only and provide erotica?” said Jenny Kim, a partner at the law firm Boies Schiller Flexner. “Open AI, like most of big tech in this space, is just using people like guinea pigs.”

Ms Kim is involved in a lawsuit against Meta that claims the company’s Instagram’s algorithm harms the mental health of teen users.

“We don’t even know if their age gating is going to work,” she said.

In April, TechCrunch reported that OpenAI was allowing accounts in which a user had registered as a minor to generate graphic erotica.

OpenAI said at the time that the company was rolling out a fix to limit such content.

A survey published this month by the nonprofit Centre for Democracy and Technology (CDT) found that one in five students report that they or someone they know has had a romantic relationship with AI.

On Monday, California Governor Gavin Newsom vetoed a bill passed by the state legislature that would have blocked developers from offering AI chatbots companions to children unless the companies could guarantee the software wouldn’t breed harmful behaviour.

Newsom said it was “imperative that adolescents learn how to safely interact with AI systems” in a message that accompanied his veto.

At the nationwide level, the US Federal Trade Commission (FTC) has launched an inquiry into how AI chatbots interact with children.

In the US Senate last month, bipartisan legislation was introduced that would classify AI chatbots as products. The law would allow users to file liability claims against chatbot developers.

Mr Altman’s announcement on Tuesday comes as sceptics have been questioning the rapid rise in the value of AI tech companies.

OpenAI’s revenue is growing, but it has never been profitable.

Tulane University business professor Rob Lalka, who authored the recent book The Venture Alchemists, said the major AI companies find themselves in a battle for market share.

“No company has ever had the kind of adoption that OpenAI saw with ChatGPT,” Lalka told the BBC.

“They needed to continue to push along that exponential growth curve, achieving market domination as much as they can.”

Unit 42 recently assisted a prominent manufacturer who experienced a severe ransomware attack orchestrated by Ignoble Scorpius, the group that distributes BlackSuit ransomware. This incident serves as a reminder of how a seemingly minor issue — in this case, a single set of compromised VPN credentials — can lead to a full-scale corporate crisis with tremendous impact to the bottom line.

The Attack: A Combination of Reconnaissance and Ransomware

The Ignoble Scorpius attack began with a voice phishing (vishing) call. The attacker impersonated the company’s IT help desk and tricked an employee into entering their legitimate VPN credentials on a phishing site.

With these credentials, the threat actor gained initial network access and immediately escalated their privileges. They executed a DCSync attack on a domain controller to steal highly privileged credentials, including a key service account. Using these compromised credentials, they moved laterally across the network using RDP and SMB, employing tools like Advanced IP Scanner and SMBExec to map the network and identify high-value targets.

The attackers established persistence by deploying AnyDesk and a custom RAT on a domain controller, configured as a scheduled task to survive reboots. (It is important to note that threat actors often abuse and take advantage of legitimate products like AnyDesk for malicious purposes. We are not implying that the legitimate product is flawed.)

The attackers then compromised a second domain controller, extracting the NTDS.dit database containing all user password hashes, and exfiltrated over 400 GB of data using a renamed rclone utility. To cover their tracks, the threat actors deployed CCleaner to erase forensic evidence before unleashing the final blow: BlackSuit ransomware, orchestrated through Ansible, simultaneously encrypted hundreds of virtual machines across approximately 60 VMware ESXi hosts, disrupting operations across the entire infrastructure.

How Unit 42 Helped

When Unit 42 was engaged, we helped the client expand their Cortex XDR deployment from 250 to over 17,000 endpoints, providing enterprise-wide visibility to track the attacker’s every move. We also leveraged Cortex XSOAR to automate containment actions, stopping the attack from spreading further.

Our investigation identified the full attack path and led to some critical recommendations including:

• Network Security: Replace end-of-life Cisco ASA firewalls with Next-Generation Firewalls (NGFW), implement network segmentation, and restrict administrative access to critical systems (like DCs and ESXi hosts) to dedicated management VLANs.
• Identity and Access Management: Enforce MFA for all remote access, disable NTLM or require EPA, rotate all credentials, and restrict service accounts from being used for interactive logons like RDP.
• Endpoint and Server Hardening: Block EFSRPC using RPC filters to prevent PetitPotam/DCSync attacks, deploy and maintain a fully patched XDR solution on all endpoints, and have a strict policy for removing EOL systems.
• Logging and Monitoring: Enhance log retention to 90-plus days for critical sources (ESXi, firewalls, Nasuni), ensure logs are properly parsed for effective analysis, and enable features like AWS CloudTrail log validation.

The Outcome

The client was able to achieve several key outcomes:

• Financial demand negated: We successfully negated the $20 million ransom demand, ensuring the client paid no ransom.
• Expanded visibility: The engagement expanded the client’s endpoint visibility from 250 to over 17,000, creating a robust foundation for future security operations.
• Strategic guidance: We provided bespoke, strategic after-incident guidance, helping the client fortify their defenses and prevent future attacks.
• Continuous monitoring: Following the incident, the client onboarded Unit 42 Managed Detection and Response (MDR) services for continuous monitoring, ensuring they are better prepared to handle future threats.

The Takeaway

This attack serves as a stark reminder that even a single compromised credential can create a domino effect, leading to a catastrophic security breach. The swift and sophisticated tactics of threat actors like Ignoble Scorpius and their use of BlackSuit ransomware demonstrate the critical need for a proactive and multi-layered defense strategy.

By implementing MFA on all remote access points, and integrating robust endpoint visibility, automated containment, and expert guidance, organizations can not only disrupt an attack in progress but also shore up their defenses to prevent future incidents. Most importantly, investments in proactive security assessments have shown to pay dividends that far outweigh the costs of operational and financial impact of a full-scale ransomware attack.

Interested in learning more about the latest attack trends? If so, take a look at our 2025 Unit 42 Global Incident Response Report, which distills the most critical findings based on our direct experience responding to real-world cyberattacks at over 500 organizations across 38 countries.

Additional Resources

About Unit 42

Unit 42 strengthens your team with the tools and expertise needed to stay ahead of threats like BlackSuit ransomware and protect your business. With our proven strategies and insights from thousands of engagements, we’ll help your team handle the toughest situations with confidence.