Google: China's APT31 used Gemini to plan US cyberattacks
APT31 used Gemini AI with Hexstrike to automate vulnerability analysis and exploit testing against US critical infrastructure, increasing attack speed and widening patch gaps, Google says.
- On Thursday, GTIG reported that APT31 used Gemini to automate vulnerability analysis and attack planning against US-based organizations.
- Researchers say criminals began repurposing red‑teaming tools after mid‑August, and GTIG reports that APT31’s latest Gemini activity took place late last year, in the same period as a model extraction campaign of more than 100,000 prompts.
- John Hultquist warned, `The other is automating the development of vulnerability exploitation`, as attackers prompted Gemini with an expert cybersecurity persona and trialed Hexstrike to test RCE, WAF bypasses, and SQL injection.
- As an immediate response, GTIG said it has disabled accounts and infrastructure tied to the campaign; Hultquist urged: `We are going to have to leverage the advantages of AI, and increasingly remove humans from the loop, so that we can respond at machine speed`.
- Wider implications: Google flagged model extraction as a scalable form of intellectual property theft that threatens the AI‑as‑a‑service business model, and GTIG warned that AI agents widen the patch gap, putting critical infrastructure at risk in the near term.
11 Articles
Google Flags Massive AI Cloning Attempt as Over 100,000 Malicious Prompts Target Gemini Logic | LatestLY
Google has revealed that it blocked a large-scale “model extraction” campaign aimed at stealing the proprietary logic of its Gemini artificial intelligence system. According to findings from the Google Threat Intelligence Group, researchers detected more than 100,000 malicious prompts crafted to extract the internal reasoning processes of the AI model.
Google says hackers are abusing Gemini AI at all attack stages
Google Threat Intelligence Group (GTIG) has published a new report warning about AI model extraction/distillation attacks, in which private-sector firms and researchers use legitimate API access to systematically probe models and replicate their logic and reasoning.
A recent report from the Google Threat Intelligence Group (GTIG) indicates that government attack groups from China, Iran, North Korea, and Russia are leveraging Gemini—Google’s artificial intelligence model—to accelerate and streamline advanced cyberattacks. According to the report, these groups are using Gemini’s tools at every stage of the attack lifecycle: from gathering intelligence on targets, to developing sophisticated phishin…
[Digital Daily, Reporter Kim Bo-min] Security threats surrounding generative artificial intelligence (AI) have been assessed as increasingly advanced. On the 12th, Google Threat Intelligence Group (GTIG) and Google DeepMind released the “AI Threat Tracker”, which analyzes AI threat trends for the fourth quarter of 2025. The report revealed that it identified a number of threat actors who attempted model extraction and…
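The snippets above describe model extraction as high-volume, systematic probing through legitimate API access, with prompts crafted to pull out a model's internal reasoning. The following is an added example of the defender-side heuristic that description implies; it is not code from Google or from the GTIG report, and the log format, the API key names, the `EXTRACTION_PATTERNS` phrase list, and the volume and ratio thresholds are all assumptions chosen for illustration. It parses constructed API request logs and flags keys whose prompt volume and share of reasoning-extraction prompts both exceed a threshold, which is the combination a single curious user does not produce but a distillation campaign does.

```python
"""Toy detector for model-extraction style API abuse.

Added example, not from the GTIG report. Log lines are tab-separated
"timestamp\tapi_key\tprompt" (a constructed format). An API key is flagged
when it exceeds both a prompt-volume threshold and a threshold on the share
of prompts that ask the model to reveal its reasoning.
"""
import re
from collections import defaultdict

# Phrases that ask a model to expose its reasoning or system prompt.
# These patterns are an assumption for illustration; the report does not
# publish its indicators.
EXTRACTION_PATTERNS = [
    re.compile(r"chain[- ]of[- ]thought", re.I),
    re.compile(r"step[- ]by[- ]step reasoning", re.I),
    re.compile(
        r"\b(show|reveal|print|explain)\b.{0,40}"
        r"\b(reasoning|thought process|system prompt)\b",
        re.I,
    ),
]


def is_extraction_prompt(prompt: str) -> bool:
    """True if the prompt matches any reasoning-extraction pattern."""
    return any(p.search(prompt) for p in EXTRACTION_PATTERNS)


def parse_line(line: str):
    """Split one constructed log line into (timestamp, api_key, prompt)."""
    ts, key, prompt = line.rstrip("\n").split("\t", 2)
    return ts, key, prompt


def score_keys(lines, volume_threshold=1000, ratio_threshold=0.5):
    """Aggregate per API key and flag keys above both thresholds.

    Returns {api_key: {"total", "extraction", "ratio", "flagged"}}.
    Volume alone would catch any busy integration; the ratio alone would
    catch a single user asking one curious question. Requiring both is
    what separates systematic distillation from ordinary use.
    """
    stats = defaultdict(lambda: {"total": 0, "extraction": 0})
    for line in lines:
        _, key, prompt = parse_line(line)
        stats[key]["total"] += 1
        if is_extraction_prompt(prompt):
            stats[key]["extraction"] += 1

    result = {}
    for key, s in stats.items():
        ratio = s["extraction"] / s["total"]
        result[key] = {
            "total": s["total"],
            "extraction": s["extraction"],
            "ratio": round(ratio, 3),
            "flagged": s["total"] >= volume_threshold and ratio >= ratio_threshold,
        }
    return result


def constructed_log():
    """Constructed sample traffic: one abusive key, one ordinary key.

    key-A sends 1200 prompts, 900 of which ask for the model's reasoning.
    key-B sends 50 prompts, 2 of which happen to ask for reasoning.
    """
    lines = []
    for i in range(1200):
        if i % 4 != 3:
            prompt = f"Solve task {i}. Reveal your full reasoning before the answer."
        else:
            prompt = f"Summarise document {i} in two sentences."
        lines.append(f"2025-12-01T00:{i // 60:02d}:{i % 60:02d}Z\tkey-A\t{prompt}")
    for i in range(50):
        if i < 2:
            prompt = "Please explain your reasoning step by step."
        else:
            prompt = f"Translate sentence {i} to French."
        lines.append(f"2025-12-01T01:00:{i:02d}Z\tkey-B\t{prompt}")
    return lines


if __name__ == "__main__":
    for key, s in sorted(score_keys(constructed_log()).items()):
        print(key, s)
```

In production the same logic would run over a window (per key per day), and the patterns would be replaced by whatever the provider's own classifier emits; the structural point, that volume and intent have to be combined before an account is disabled, stays the same.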
Coverage Details
Bias Distribution
- 67% of the sources are Center