Gemini, the Swiss Army knife of state-backed cyber attacks

In recent weeks, security researchers have raised a new alarm: state-backed actors are using Google's language model, Gemini, as a Swiss Army knife to support cyber campaigns. The worry is not only that AI is used to automate legitimate tasks, but that these tools are being incorporated into every phase of an attack, from initial reconnaissance to data exfiltration, with a multiplier effect on attackers' efficiency and reach.

According to Google's own analysis of observed malicious activity, groups affiliated with several countries have used Gemini for activities as diverse as defining targets, collecting publicly available intelligence, creating phishing lures and helping to develop command-and-control infrastructure. The groups identified by the researchers carry labels linked to China, Iran, North Korea and Russia, and have used the model to translate text, debug and generate code, design vulnerability tests and solve technical problems during intrusions.

The use of a large language model in these tasks is not a mere technical curiosity: it lowers barriers. Writing a more convincing spear-phishing email, adapting an exploit to a specific target or turning public research into an actionable script are activities that previously required more time and specialized skills. Now, with the right prompts, attackers can speed up these processes and test variants quickly, which makes detection harder and expands the risk surface.

The specific examples observed include tool families and campaigns that show clear traces of AI assistance. Some malware prototypes have gone as far as integrating calls to the Gemini API to generate C# code fragments that are compiled and run in memory as a second stage; complex phishing kits show evidence that their development relied on code generation tools; and "ClickFix" campaigns have used AI-generated content to lure users to pages that deliver macOS-specific malware. These cases show that AI is already part of the criminal toolbox.

Another aspect that Google and analysts highlight is the attempt to replicate models. Through a process of model extraction and "knowledge distillation," malicious organizations can systematically query a legitimate service and, with enough queries, approximate its behaviour in order to train cheaper or unrestricted alternatives. This type of strategy not only poses an intellectual property problem, but also accelerates the development of adversarial capabilities.

The researchers even describe large-scale operations that used tens of thousands of requests in different languages with the aim of capturing the model's reasoning patterns. To defend itself, Google says it has suspended abusive accounts and introduced new controls on its classifiers and on the access points to the model, and emphasizes that it designs its systems with safeguards and continuous testing. However, the dynamics show that protection measures must evolve as quickly as the abuse does.

That these problems are observed at one provider or another is no surprise. The security community has been documenting model extraction techniques academically for years (see the work on model extraction and prediction APIs), and public and private bodies are starting to publish guidance to mitigate malicious uses of AI. The risk combines technical, economic and human factors: from the loss of intellectual property to the possibility of conventional defenses becoming obsolete against more polished and automated attacks.

What can organizations do today to reduce risk? There is no single solution, but there are practical measures that help: strengthen controls on access to APIs and credentials, monitor for abnormal usage patterns (e.g. extraordinary volumes of queries or series of repetitive prompts), apply multifactor authentication and review development processes to detect code or artifacts generated by third parties. In addition, training for end users remains key: AI-generated phishing lures may look more professional, but they often still exploit human failings that awareness and procedures can mitigate.
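The monitoring measure above (unusual query volumes, series of repetitive prompts) can be sketched as a check over API gateway logs. This is an added example, not code from Google's report or from this article; the record layout, key names and thresholds are assumptions, and the log records are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them against your own baseline.
MAX_REQUESTS_PER_HOUR = 100
MAX_TEMPLATE_SHARE = 0.8      # share of a key's requests matching one template
MIN_REQUESTS_FOR_SHARE = 20   # ignore keys with too few requests to judge

def template_of(prompt):
    """Reduce a prompt to a rough template so near-identical prompts collide."""
    text = re.sub(r'"[^"]*"', "<str>", prompt.lower())   # quoted payloads
    text = re.sub(r"\d+", "<num>", text)                  # counters and ids
    return re.sub(r"\s+", " ", text).strip()

def peak_hourly_volume(timestamps):
    """Largest number of requests inside any sliding one-hour window."""
    times, peak, start = sorted(timestamps), 0, 0
    for end, t in enumerate(times):
        while t - times[start] >= timedelta(hours=1):
            start += 1
        peak = max(peak, end - start + 1)
    return peak

def flag_keys(records):
    """records: iterable of (api_key, datetime, prompt) -> {key: [reasons]}."""
    by_key = defaultdict(list)
    for key, ts, prompt in records:
        by_key[key].append((ts, prompt))
    findings = {}
    for key, rows in by_key.items():
        reasons = []
        peak = peak_hourly_volume([ts for ts, _ in rows])
        if peak > MAX_REQUESTS_PER_HOUR:
            reasons.append(f"volume: {peak} requests in one hour")
        top, count = Counter(template_of(p) for _, p in rows).most_common(1)[0]
        share = count / len(rows)
        if len(rows) >= MIN_REQUESTS_FOR_SHARE and share > MAX_TEMPLATE_SHARE:
            reasons.append(f"repetitive: {share:.0%} match '{top}'")
        if reasons:
            findings[key] = reasons
    return findings

# Constructed sample log: one ordinary key, one bulk key, one low-and-slow key.
BASE = datetime(2025, 1, 1, 9, 0)
ANALYST = ["Summarise this incident report", "Draft a patch note for release 4",
           "Explain this stack trace", "Review my firewall rule set"]
SAMPLE = [("key-analyst", BASE + timedelta(minutes=20 * i), p) for i, p in enumerate(ANALYST)]
SAMPLE += [("key-batch", BASE + timedelta(seconds=10 * i), f"Explain step {i} of your reasoning") for i in range(300)]
SAMPLE += [("key-slow", BASE + timedelta(minutes=5 * i), f'Translate "{i}" and show your reasoning') for i in range(30)]
```

On the constructed data, `flag_keys(SAMPLE)` reports `key-batch` for both volume and repetition and `key-slow` for repetition only, which is why a rate limit alone is not enough.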

Cooperation between AI providers, cyber security companies and authorities is equally essential. When models become critical infrastructure for innovation, their abuse also requires coordinated responses: sharing indicators of compromise, reporting emerging tactics and updating regulatory and contractual frameworks to protect both customers and developers' intellectual property.

If you want to review the report and the media coverage that has summarized these findings, you can read Google's security post on its corporate blog about threats and abuse, as well as the analysis by specialized media that have collected technical details and practical examples. These materials help to understand both the concrete evidence and the responses already being implemented: the Google Security Blog and an article on BleepingComputer provide starting points, while more general reports on the threat posed by AI and on model extraction are available from institutions such as the European Union Agency for Cybersecurity (ENISA) and in academic work on model extraction (Stealing Machine Learning Models via Prediction APIs).

The arrival of models capable of writing, translating, diagnosing and programming has enormous benefits, but also an obvious counterpart: when powerful tools are available to malicious actors, the risk balance changes. The task is not to ban technology but to govern it: to build technical defences, organizational practices and frameworks of responsibility that reduce its abuse without suffocating innovation. That will be the public and technical discussion that will mark the next chapters of digital security.
