Government-sponsored hacking groups from China, Iran, North Korea, and Russia are exploiting Google’s Gemini AI to enhance cyber operations across the entire attack chain — from reconnaissance and payload development to data exfiltration.
According to a new report by Google’s Threat Intelligence Group (GTIG), these state-backed actors are using Gemini to conduct technical research, craft highly convincing phishing lures, and automate tasks like vulnerability scanning and exploit generation. The findings highlight how large language models are becoming integrated into offensive cyber toolkits worldwide.
Chinese Actors Deploy AI for Targeted Reconnaissance
The report details how Chinese state-linked group APT31 used Gemini by prompting it to behave as an “expert cybersecurity analyst,” automating vulnerability discovery against U.S.-based entities. Using an open-source red-teaming framework called Hexstrike, which operates through the Model Context Protocol, the attackers directed Gemini to analyze remote code execution exploits, SQL injection vulnerabilities, and web application firewall bypasses.
“This activity explicitly blurs the line between a routine security assessment query and a targeted malicious reconnaissance operation,” GTIG noted.
Another Chinese group, Temp.HEX, leveraged Gemini for extensive information gathering on individuals in Pakistan, reportedly compiling dossiers later used in targeted operations against the same people.
New Malware Family Built Around Gemini API
Investigators also uncovered a fileless malware campaign using Gemini through its API. The new strain, dubbed HONESTCUE, appeared in September 2025 and uses Gemini to generate and compile custom C# code in memory for second-stage payloads — effectively evading traditional file-based detection methods.
GTIG additionally identified a dark-web toolkit called Xanthorox, advertised as a bespoke offensive AI platform. Further analysis revealed it was powered by commercial AI products — including Gemini — accessed via stolen API keys from compromised users.
Surge in Model Extraction and Distillation Attacks
Researchers from Google DeepMind and GTIG also warned of a growing trend in model extraction (or distillation) attacks, where adversaries repeatedly query AI models to replicate their output and reasoning.
One campaign issued over 100,000 automated queries to mimic Gemini’s logic, effectively attempting to “clone” its capabilities for cheaper, unauthorized reuse. Google classified such activity as a form of intellectual property theft, threatening both commercial and national security interests.
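The extraction campaign above is, from the API provider's side, a volume anomaly: one credential issuing tens of thousands of structurally similar queries far faster than any human workflow would. The stolen-key abuse behind Xanthorox shows up the same way, as a key suddenly active from client addresses its legitimate owner never used. The following Python is an added example, not Google's or GTIG's detection logic, and it assumes a hypothetical access-log format (timestamp, key id, client IP, endpoint) with constructed sample events; the window size and thresholds are illustrative assumptions that a real deployment would tune per customer tier.

```python
"""Flag distillation-style query bursts and multi-source key use in API access events.

Added example. The log layout, the sample data and the thresholds are
assumptions constructed for illustration, not any provider's real telemetry.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def parse_log(text):
    """Parse lines of '<ISO timestamp> <key id> <client ip> <endpoint>' (hypothetical format)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, key, ip, endpoint = line.split()
        events.append((datetime.fromisoformat(ts.replace("Z", "+00:00")), key, ip, endpoint))
    return events


def query_bursts(events, window=timedelta(minutes=1), threshold=50):
    """Return {key: peak_count} for keys whose request count inside any sliding
    window of the given length exceeds threshold. Two pointers over the sorted
    timestamps keep this linear per key, so it scales to large logs."""
    by_key = defaultdict(list)
    for ts, key, _, _ in events:
        by_key[key].append(ts)
    flagged = {}
    for key, times in by_key.items():
        times.sort()
        left = 0
        peak = 0
        for right, t in enumerate(times):
            while t - times[left] > window:
                left += 1
            peak = max(peak, right - left + 1)
        if peak > threshold:
            flagged[key] = peak
    return flagged


def multi_source_keys(events, max_ips=3):
    """Return {key: distinct_ip_count} for keys used from more than max_ips
    client addresses; a cheap indicator that a credential has been shared or stolen."""
    ips = defaultdict(set)
    for _, key, ip, _ in events:
        ips[key].add(ip)
    return {key: len(v) for key, v in ips.items() if len(v) > max_ips}


def build_sample_events():
    """Constructed sample: key-A fires 200 queries in 40 seconds (extraction-style
    burst), key-B is used from five different addresses (stolen-key pattern),
    key-C is a normal low-volume single-source user."""
    base = datetime(2025, 9, 1, 10, 0, 0)
    events = []
    for i in range(200):  # 200 queries, 200 ms apart, single source
        events.append((base + timedelta(milliseconds=200 * i), "key-A", "203.0.113.5", "/v1/generate"))
    addresses = ["198.51.100.1", "198.51.100.2", "198.51.100.3", "198.51.100.4", "198.51.100.5"]
    for i in range(10):  # 10 queries, 6 minutes apart, rotating through 5 addresses
        events.append((base + timedelta(minutes=6 * i), "key-B", addresses[i % 5], "/v1/generate"))
    for i in range(20):  # 20 queries, 3 minutes apart, one address
        events.append((base + timedelta(minutes=3 * i), "key-C", "192.0.2.10", "/v1/generate"))
    return events


def assess(events):
    """Combine both detectors into one report keyed by signal name."""
    return {"bursts": query_bursts(events), "multi_source": multi_source_keys(events)}


if __name__ == "__main__":
    report = assess(build_sample_events())
    for signal, hits in report.items():
        for key, value in hits.items():
            print(f"{signal}: {key} -> {value}")
```

The burst detector deliberately measures the peak within a short window rather than a daily total, because a distillation run is a sustained hammering rather than a high but spread-out legitimate workload; the multi-source check is a first-pass signal only, since legitimate keys behind NAT pools or multi-region deployments also show several addresses, which is why both detectors return the raw counts for an analyst to weigh rather than a verdict.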
Google Strengthens Defenses Against Abuse
In response, Google has terminated accounts and infrastructure linked to these attacks and reinforced its guardrails and detection pipelines. The company emphasized its commitment to curbing AI model misuse while maintaining accessibility for legitimate research and commercial applications.
GTIG’s findings underscore a pivotal shift: large language models are now part of the global cyber arms race, simultaneously empowering defenders and equipping adversaries with scalable intelligence tools.
