Search

Google Says Hackers Are Abusing Gemini AI for All Attack Stages

Cyber threats and incidents
By John Kevin Hao

Related

Cyber threats and incidents

AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud

What happened An ad fraud operation dubbed Pushpaganda used search...
Read more
Cyber threats and incidents

Google Sets 2029 Deadline for Quantum-Safe Cryptography

What happened Google set a 2029 deadline for quantum-safe cryptography...
Read more
Cyber threats and incidents

Google Authenticator Hidden Passkey Architecture Could Open New Passwordless Attack Paths

What happened A hidden Google passkey architecture could open new...
Read more
AI and security

Google Deploys Gemini AI to Monitor Dark Web for Cyber Threats

What happened Google has deployed Gemini AI agents within its...
Read more
Cyber threats and incidents

Google Warns Ransomware Actors Are Shifting Tactics as Profits Fall and Data Theft Rises

What happened Google Cloud analysts from the Google Threat Intelligence...
Read more

Share

What happened

Google has reported that threat actors are leveraging its Gemini AI models to assist in multiple stages of cyberattacks, from planning to execution. According to the report, Google’s Threat Analysis Group (TAG) observed that attackers are using Gemini capabilities to refine phishing content, generate malicious scripts, and craft social engineering lures that adapt to target contexts. The abuse also extends to automating tasks traditionally performed manually, such as reconnaissance query generation, malware customization, and post-exploitation analysis. Google characterized this activity as a shift in tactics, with adversaries using AI tools to streamline workflows and reduce the skill barriers required for complex operations. While Google did not attribute the activity to specific named groups in the disclosed advisory, the company emphasized that Gemini’s powerful generative and reasoning features can be misused across the attack lifecycle when accessed by malicious users.

Who is affected

Organizations and individuals targeted by AI-assisted cyber campaigns are affected, as attackers using AI-generated lures, code, and reconnaissance can escalate the scale and effectiveness of their operations against victims.

Why CISOs should care

The reported abuse of AI models like Gemini across attack stages underscores how generative tools are being co-opted to enhance adversary capabilities, increasing the pace and sophistication of common threats such as phishing, malware development, and automated reconnaissance.

3 practical actions

  • Monitor for AI-generated content patterns. Detect phishing and social engineering campaigns that exhibit stylistic or structural traits of AI generation.
  • Update threat detection models. Incorporate signals that identify automation and AI-assisted malicious behaviors.
  • Educate users on evolving phishing tactics. Train stakeholders on recognizing increasingly sophisticated, contextually tailored lures.
IMG 0514 2
+ posts

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.

Previous article
CISOs to Watch in Finland’s Government Administration
Next article
Apple Fixes Zero-Day Flaw Used in Extremely Sophisticated Attacks

Subscribe to our stories

To be updated with all the latest news, offers and special announcements.