A new Google report finds evidence that state-sponsored hacker groups are leveraging the AI tool Gemini at nearly every stage of the cyber attack cycle.
While this study highlights how the cyber-attack capabilities of AI tools have matured, it does not reveal novel or paradigm-shifting uses of the technology.
John Hultquist, principal analyst in Google’s Threat Intelligence Group, told CyberScoop that many countries are still experimenting with AI tools to determine where they fit best in the attack chain and where they provide more benefit than friction.
“No one has it all figured out perfectly,” Hultquist said. “They’re all trying to figure this out. That applies to attacks on AI as well.”
But the report also reveals that frontier AI models can incorporate speed, scale, and sophistication into a myriad of hacking tasks, and that state-sponsored hacking groups are taking advantage of them.
Gemini is a dynamic and useful tool for many tasks and has assisted threat actors in a variety of ways. Google’s report suggests that in nearly all cases, state-sponsored attackers relied on Gemini as one of many tools for specific purposes, such as automating routine processes, conducting research or reconnaissance, or experimenting with malware.
One North Korean group used it to consolidate open source information about job and salary information at cybersecurity and defense companies. Another North Korean group consulted for technical support “multiple days a week” to troubleshoot problems or generate new malware code when operations stalled. An Iranian APT used Gemini to “significantly enhance reconnaissance techniques” against targeted victims. China, Russia, Iran, and North Korea also used Gemini to create fake articles, personas, and other information manipulation assets.
“What’s really interesting about this feature is that it has an impact across the entire intrusion cycle,” Hultquist said.
No nation-state entity has used Gemini to automate a large portion of its cyberattacks like the Chinese government-backed campaign Anthropic identified last year. This suggests that threat actors may still struggle to implement fully or mostly automated hacks using AI.
Hultquist said some nation-state groups, especially those focused on espionage, may find the speed and scale advantages of agent AI to be useless when louder, easier-to-detect operations occur. Indeed, while state actors continue to experiment with AI models, he believes that, on average, these developments will serve smaller cybercriminal organizations more than state-sponsored hackers.
However, that may change in the future. Frontier AI companies like Anthropic and cybersecurity startups like XBOW are already developing models with strong defensive cybersecurity capabilities in vulnerability scanning, reconnaissance, and automation. Foreign governments with similar technology could use the same capabilities for offensive hacking, as Chinese attackers did with Claude before they were discovered.
In December, the UK Institute for AI and Security released its first ever report on Frontier AI Trends, which found that AI capabilities are rapidly improving in all domains tested, particularly in cybersecurity.
And the gap between the frontier model and the free and open source model is closing. According to the institute, open source AI models caught up within four to eight months of the release of the Frontier model and were able to provide similar functionality.
“The time required for cyber tasks that AI systems can complete without human guidance is also increasing rapidly, from less than 10 minutes in early 2023 to more than an hour by mid-2025,” the institute said in its December Frontier AI Trends Report.
