Gossip Herald

State hackers exploit Google’s Gemini AI to accelerate cyberattacks

AI tools like Gemini are now part of hackers’ arsenals, though no major breakthroughs yet

By GH Web Desk

State-backed hackers from China, Iran, and North Korea have weaponized Google’s artificial intelligence model, Gemini, using it as a tool to accelerate cyberattacks, according to a new report from Google Threat Intelligence Group.

The report shows that hackers leveraged Gemini for reconnaissance, phishing, code troubleshooting, and malware development. While large language models have not fundamentally altered the cyber threat landscape, Google says AI has become a critical tool for technical research and generating phishing lures.

Chinese groups APT31 and UNC795 used Gemini to automate vulnerability analysis and code auditing, simulating complex scenarios like SQL injection tests and web application firewall bypasses. Iranian-backed APT42 employed the model to conduct social engineering, crafting personas to engage targets based on their professional biographies. 

North Korea’s UNC2970 used Gemini to profile high-value cybersecurity and defense targets, gathering open-source intelligence on technical roles and salaries.

Non-state cybercriminals have also begun experimenting with AI. Google identified campaigns where threat actors hosted deceptive content on Gemini and used AI-generated prompts to construct malware and phishing kits. 

Notably, the CoinBait phishing kit, disguised as a cryptocurrency exchange, appears to have been built using AI tools to accelerate code generation.

Google also flagged model extraction, or distillation, attacks, in which attackers attempt to replicate a model’s reasoning and outputs. These represent intellectual property theft rather than a direct risk to everyday users.

Some of these attacks involved more than 100,000 prompts aimed at coercing Gemini to reveal full reasoning processes.

The report also uncovered underground marketplaces marketing AI-powered cyberattack tools, including the toolkit Xanthorox, which uses Gemini alongside other commercial AI products.

Google has responded by disabling accounts linked to malicious activity and implementing targeted defenses in Gemini’s AI classifiers. 

While financially motivated hackers continue to experiment, the company reports no breakthrough capabilities yet that fundamentally change the threat landscape.