Google says hackers are abusing Gemini AI for all attack stages
Hackers Exploiting Google’s Gemini AI Across All Stages of Cyber Attacks, Google Warns
In a stark revelation that underscores the growing intersection of artificial intelligence and cybercrime, Google’s Threat Intelligence Group (GTIG) has uncovered a disturbing trend: state-sponsored hackers are weaponizing its own Gemini AI model to supercharge their malicious campaigns.
From reconnaissance and phishing lure creation to command-and-control (C2) development and data exfiltration, advanced persistent threat (APT) groups from China, Iran, North Korea, and Russia are leveraging Gemini’s capabilities to streamline and enhance their operations. This marks a significant evolution in the cyber threat landscape, where AI is no longer just a tool for defense but a double-edged sword in the hands of adversaries.
AI-Powered Espionage: How Hackers Are Using Gemini
The GTIG report details how these threat actors are exploiting Gemini across multiple attack stages:
- Reconnaissance and Profiling: Chinese APT groups like APT31 and Temp.HEX have used Gemini to automate vulnerability analysis and generate targeted testing plans. In one instance, a fabricated scenario was created to trial Hexstrike MCP tooling, directing the model to analyze Remote Code Execution (RCE), WAF bypass techniques, and SQL injection test results against specific U.S.-based targets.
- Phishing and Social Engineering: Iranian APT42 has turned to Gemini for crafting sophisticated phishing lures and accelerating the development of tailored malicious tools. The AI’s ability to generate and debug code has significantly reduced the time and expertise required to create convincing attacks.
- Malware Development: North Korean and Russian actors have integrated Gemini into their malware creation pipelines. For example, the CoinBait phishing kit, which masquerades as a cryptocurrency exchange, shows clear signs of AI-assisted development, including logging messages prefixed with “Analytics:”, a potential red flag for defenders.
- ClickFix Campaigns: Cybercriminals have also used generative AI services in ClickFix campaigns, delivering the AMOS info-stealing malware for macOS. Users were lured into executing malicious commands through deceptive ads in search results for troubleshooting queries.
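The “Analytics:” log prefix noted for CoinBait above can be turned into a triage check over captured page scripts. The following is an added example, not code from Google or from the original article; it assumes the messages appear as string-literal arguments to console.* calls in the kit's JavaScript, and the function names, thresholds and sample files are constructed for illustration.

```python
import re

# Assumption: the kit logs through console.* calls with a string-literal first argument.
LOG_CALL = re.compile(
    r"""console\.(log|info|warn|error|debug)\(\s*(['"`])((?:\\.|(?!\2).)*)\2""",
    re.DOTALL,
)
PREFIX = "Analytics:"  # prefix named in the article


def log_calls(source):
    """Yield (line_number, method, message) for each console.* call with a literal message."""
    for m in LOG_CALL.finditer(source):
        line = source.count("\n", 0, m.start()) + 1
        yield line, m.group(1), m.group(3)


def triage(files, min_hits=3, min_ratio=0.5):
    """Flag files whose logging is dominated by the prefix (hypothetical thresholds)."""
    # One hit is weak evidence: legitimate telemetry code may use the same word,
    # so both an absolute count and a share of all log calls are required.
    report = {}
    for name, source in files.items():
        calls = list(log_calls(source))
        hits = [(ln, msg) for ln, _, msg in calls if msg.lstrip().startswith(PREFIX)]
        ratio = len(hits) / len(calls) if calls else 0.0
        report[name] = {
            "hits": hits,
            "ratio": round(ratio, 2),
            "flagged": len(hits) >= min_hits and ratio >= min_ratio,
        }
    return report


# Constructed sample input, not taken from any real kit.
SAMPLES = {
    "kit_bundle.js": "console.log('Analytics: page loaded');\n"
                     "console.log(\"Analytics: form submitted\");\n"
                     "console.error(`Analytics: upload failed ${id}`);\n",
    "shop.js": "console.log('cart updated');\n"
               "console.debug('Analytics: consent banner shown');\n"
               "console.warn('retrying request');\n",
}

if __name__ == "__main__":
    for name, result in triage(SAMPLES).items():
        print(name, result["flagged"], result["ratio"], result["hits"])
```

A flagged file is a lead for analyst review alongside other signals such as brand impersonation or credential-form targets, not a verdict on its own.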
The Rise of AI-Enhanced Malware
One of the most concerning developments is the emergence of AI-powered malware frameworks like HonestCue. This proof-of-concept malware, observed in late 2025, uses the Gemini API to generate C# code for second-stage malware, which is then compiled and executed in memory. Such innovations highlight the potential for AI to lower the barrier to entry for sophisticated cyberattacks.
Google also warns of attempts to extract and distill its AI models, a process where attackers query the system extensively to replicate its decision-making processes. While not a direct threat to users, this intellectual property theft poses significant commercial and competitive risks for AI developers.
Google’s Response: Strengthening Defenses
In response to these threats, Google has disabled accounts and infrastructure tied to documented abuse and implemented targeted defenses in Gemini’s classifiers to make exploitation harder. The company emphasizes that its AI systems are designed with robust security measures and safety guardrails, and it regularly tests models to improve their resilience.
However, the report serves as a stark reminder that as AI technology advances, so too do the tactics of cybercriminals. The integration of AI into cyberattacks is not just a possibility—it’s already happening.