Concerns about AI-driven attack innovation appears to have been confirmed by a Google, with a report indicating its Gemini AI assistant is being used by state-backed hackers to create and test new threats.
► Threat actors misusing Gemini at all stages of operations
► AI is being used to devise more inventive ways of evading detection
In its latest AI Threat Tracker report, the Google Threat Intelligence Group (GTIG), describes how numerous threat groups are utilising the technology to plan and to carry out attacks. It also highlights how threat actors from North Korea, Iran, China, and Russia have ‘operationalised’ AI, but also stipulates that nothing has yet happened that fundamentally alters the threat landscape.
The report says that state-sponsored actors continue to misuse Gemini to enhance all stages of their operations, from reconnaissance and the creation of phishing lures to command-and-control development and data exfiltration. GTIG also observed activity that suggests growing efforts to use agentic AI in the development of threats.
It also noted the growth of malware that uses AI to achieve new capabilities, such as preventing network detection. Here again while no real ‘breakthroughs’ have been made, GTIG expects the use of ‘experimental AI-enabled techniques’ to increase in the future.
The findings illustrate how the stakes are continually being raised in cybersecurity, with threat actors harnessing the power of new tools in creative ways and posing new challenges for security providers and vendors. While it’s good to know that the big players in AI are aware of this and on the case, there is no room for complacency.
The TD SYNNEX Security Practice offers a range of services and support to help partners safeguard their customers from all kinds of cyberthreats.
Inspired by
- GTIG AI Threat Tracker – 12 February 2026
- Hacker groups are using Gemini to augment attacks – IT Pro
- Google says hackers are abusing Gemini AI for all attacks stages – Bleeping Computer
