In a recent analysis of malicious cyber activity, Google’s Threat Intelligence Group (GTIG) has observed that advanced threat actors are increasingly leveraging large-scale generative AI models like Gemini to support virtually every stage of their attacks — from reconnaissance to post-compromise operations.

Generative AI as a Force Multiplier for Cybercrime

Traditionally, sophisticated cyberattacks required deep technical expertise, extensive tooling, and coordinated collaboration among skilled operators. However, with the advent of powerful generative AI systems such as Gemini, threat actors — including state-sponsored groups — can significantly accelerate their operations.

According to GTIG’s findings, actors linked to China (such as APT31), Iran (APT42), Russia, and North Korea (UNC2970) have all been observed using Gemini’s models not just for isolated tasks, but for multi-phase campaigns.

Breaking Down Abuse Across the Attack Chain

GTIG reports that Gemini has been misused at these key stages:

• Target profiling & reconnaissance: Attackers use AI to research organizations, potential vulnerabilities, employee data, and open-source intelligence — essentially automating portions of what once required hours of manual effort.
• Phishing and social engineering: Generative models are producing tailored phishing lures and persuasive messaging at scale.
• Payload development and scripting: Instead of writing code manually, attackers solicit Gemini to generate, debug, or troubleshoot malicious scripts, speeding up the crafting of malware components.
• Command & control (C2) logic: AI assistance is being used to develop parts of control infrastructure that direct malware behavior and data exfiltration.
• Post-compromise operations: After initial access, AI helps with lateral movement logic, vulnerability exploitation paths, and even evasion techniques.

Google also notes an increase in AI model extraction and distillation attempts — where threat actors systematically query an AI model’s API to reverse-engineer aspects of its internal reasoning or replicate its capabilities locally. While this does not immediately compromise user data, it represents a significant commercial and competitive risk as it undermines the intellectual property underlying modern AI-as-a-service offerings.

Examples of AI-Augmented Threat Activity

• One observed Chinese actor employed deception — posing to Gemini as an expert to obtain guidance on specific exploit techniques such as SQL injection tests against fabricated targets.
• Iranian groups used Gemini for debugging and rapid code generation tailored toward social engineering tools and phishing campaigns.
• Malware frameworks such as HonestCue and toolkits like CoinBait showed indications of having been developed or refined using generative AI models.

Despite these trends, Google reports that these AI abuses have not yet resulted in “major breakthroughs” such as fully autonomous AI-driven zero-day exploit generation — but warns defenders to expect continued evolution and integration of AI into adversarial toolchains.

Defender Implications and Future Risks

The misuse of AI in cyberattacks raises several key concerns:

• Lowered barriers to entry: Less skilled operators can now perform historically complex tasks (e.g., malware scripting and tool development) with AI assistance.
• Increased scale: Automated generation of phishing lures or reconnaissance reports allows campaigns to scale far beyond what manual methods permit.
• Intellectual property risk: Model extraction attacks threaten AI vendor innovations, potentially enabling unauthorized replication of sophisticated models.

Google continues to refine security guardrails and deploy defenses aimed at making abuse more difficult — such as enhanced safety classifiers, abuse detection heuristics, and account mitigations tied to documented misuse patterns.

Conclusion

The integration of generative AI like Gemini into the cyber threat landscape represents a paradigm shift. While Gemini and similar models are designed with safety and security controls, attackers are still finding ways to use them as productivity and development accelerators throughout the cyberattack lifecycle.

For defenders, the game is no longer just protecting networks and endpoints — it involves understanding how AI can be misused and how to adapt defenses accordingly. Continued collaboration between AI developers, cybersecurity teams, and threat intelligence organizations will be critical in staying ahead of increasingly sophisticated adversarial use cases.