Paid AI Accounts Are Now a Hot Underground Commodity

The rapid integration of generative AI into business workflows has turned these services into high‑value assets, not just for legitimate users but also for cybercriminals. As organizations embed tools like ChatGPT and Claude into daily operations, threat actors recognize the operational advantage of unrestricted model access. This realization has birthed a niche black‑market where premium subscriptions are packaged, bundled, and sold at a discount, mirroring traditional illicit IT services such as compromised email accounts or VPNs.

Actors acquire AI credentials through a mix of tactics: harvesting exposed API keys from public repositories, stealing aged email accounts, automating bulk registrations with virtual phone numbers, and exploiting trial or promotional offers. The allure for buyers is clear—cost savings on subscriptions that can exceed $20 per month, the ability to sidestep regional sanctions, and the promise of fewer usage limits. These illicit accounts enable fraud groups to generate convincing phishing content, multilingual scam scripts, and even synthetic media at scale, dramatically increasing the speed and sophistication of attacks.

For defenders, the emergence of AI account resale underscores the need for stronger identity controls. Implementing multi‑factor authentication, rotating API keys, and monitoring anomalous usage patterns are essential first steps. Enterprises should adopt dedicated, enterprise‑grade AI licenses that provide granular policy enforcement and audit trails. Coupled with threat‑intel monitoring of underground forums, these measures can mitigate the risk of compromised AI services becoming a catalyst for broader cyber‑crime operations.