Google’s Threat Intelligence Group has uncovered extensive use of its Gemini AI assistant by state-sponsored Advanced Persistent Threat (APT) groups from over 20 countries. While these groups primarily utilize Gemini for productivity enhancement rather than developing novel AI-enabled cyberattacks, their activities raise significant security concerns.

Key Findings by Country:

Iran (Most Active User):
– Conducts reconnaissance on defense organizations
– Researches vulnerabilities
– Develops phishing campaigns
– Creates content for influence operations
– Performs technical research on military technologies

China:
– Focuses on U.S. military and government reconnaissance
– Develops scripts for network infiltration
– Researches vulnerability exploitation
– Explores Microsoft Exchange compromises
– Reverse-engineers security tools

North Korea:
– Researches hosting providers
– Conducts organizational reconnaissance
– Assists in malware development
– Uses platform for false identity creation in IT worker schemes

Russia (Limited Engagement):
– Focuses on script development
– Performs malware modification
– Conducts code translation
– Shows preference for domestic AI platforms

Security Implications:
While Google reports unsuccessful attempts to bypass Gemini’s security measures, the broader AI landscape presents concerning vulnerabilities. Recent research has identified security weaknesses in alternative AI models like DeepSeek R1 and Alibaba’s Qwen 2.5, highlighting the growing challenge of securing AI platforms against malicious exploitation.