For months, the cybersecurity community watched with cautious curiosity as threat actors around the globe tentatively probed the capabilities of generative artificial intelligence. That experimental phase, according to new research from Google, is now decisively over. Malicious actors — from state-sponsored hacking groups to financially motivated cybercriminals — have moved beyond mere curiosity and are actively integrating AI into their operational playbooks, accelerating the speed, scale, and sophistication of cyberattacks worldwide.

The findings, published by the Google Threat Intelligence Group (GTIG), represent one of the most comprehensive assessments to date of how adversaries are leveraging AI platforms, particularly Google’s own Gemini large language model, for malicious purposes. The report paints a sobering picture: AI is no longer a theoretical threat multiplier — it is an active one, and its abuse is growing at a pace that demands urgent attention from enterprises, governments, and the cybersecurity industry alike.

State-Sponsored Actors Lead the Charge in AI-Powered Cyber Operations

According to the GTIG analysis, as reported by Techzine, government-backed hacking groups from Iran, China, North Korea, and Russia have been among the most prolific abusers of AI tools. These advanced persistent threat (APT) groups are using Gemini and similar platforms for a range of activities, including reconnaissance on potential targets, vulnerability research, crafting more convincing phishing content, and generating or debugging malicious code.

Iranian threat actors, the report found, were the heaviest users of Gemini among the state-sponsored groups tracked. Their activities included using the AI to research known vulnerabilities in defense and telecommunications systems, generate phishing emails in multiple languages, and develop content for influence operations. Chinese-affiliated groups, meanwhile, focused heavily on using AI for reconnaissance against U.S. military and government infrastructure, as well as for scripting and troubleshooting code used in intrusion operations. North Korean actors turned to Gemini for tasks including drafting cover letters and proposals — part of Pyongyang’s well-documented scheme to place IT workers in Western companies under false identities to generate revenue for the regime.

Beyond the Nation-State: Financially Motivated Criminals Embrace AI

While state-backed groups garner the most headlines, the GTIG report makes clear that the democratization of AI tools has been a boon for the broader cybercriminal ecosystem as well. Ransomware operators, business email compromise (BEC) gangs, and fraud rings are all finding ways to harness generative AI to improve their tradecraft. The technology lowers the barrier to entry for less sophisticated actors, enabling them to produce polished phishing lures, automate social engineering scripts, and rapidly iterate on malware variants that can evade detection.

Google’s researchers noted that criminals are using AI not just for the creation of offensive tools, but also for operational efficiency. Tasks that once required hours of manual effort — such as translating phishing content into dozens of languages, customizing lures for specific industries, or researching an organization’s corporate hierarchy to identify high-value targets — can now be accomplished in minutes. This compression of the attack cycle represents a fundamental shift in the economics of cybercrime, making attacks cheaper to execute and harder to defend against.

Jailbreaking and Prompt Manipulation: The Cat-and-Mouse Game Intensifies

One of the most striking revelations in the GTIG report is the extent to which threat actors are attempting to circumvent the safety guardrails built into AI platforms. Google documented numerous attempts by malicious users to “jailbreak” Gemini — that is, to manipulate the model through carefully crafted prompts into producing content it is designed to refuse, such as instructions for creating malware, generating deepfake content, or providing step-by-step guides for conducting cyberattacks.

As Techzine reported, Google stated that while its safety mechanisms successfully blocked many of these attempts, the persistence and creativity of the adversaries is notable. Some actors employed multi-step prompt chains, rephrasing requests in increasingly abstract or coded language to slip past content filters. Others attempted to use the AI to rewrite existing malicious code in ways that would make it less detectable by antivirus and endpoint detection tools. Google emphasized that it continually updates its safety protocols in response to these evolving tactics, but acknowledged that the contest between AI developers and those seeking to abuse their products is an ongoing and intensifying one.

The Influence Operations Dimension: AI as a Propaganda Machine

Beyond traditional cyber intrusions, the GTIG report highlighted the growing use of AI in information warfare and influence operations. Threat actors affiliated with multiple nations were found to be using Gemini to generate propaganda content, create fake social media personas, and draft disinformation narratives tailored to specific audiences. Iranian and Russian groups, in particular, were observed leveraging AI to produce large volumes of persuasive text designed to manipulate public opinion on geopolitical issues, sow discord in democratic societies, and amplify divisive narratives.

This dimension of AI abuse is particularly concerning in an era of heightened geopolitical tension and approaching electoral cycles in multiple Western democracies. The ability to generate human-sounding text at scale, customized for different platforms and audiences, represents a quantum leap in the capabilities available to state-sponsored disinformation operators. While social media platforms and governments have invested heavily in detecting and countering such operations, the integration of generative AI into the influence toolkit threatens to outpace existing defenses.

Google’s Response and the Broader Industry Reckoning

In response to the findings, Google has outlined a multi-pronged strategy for combating AI abuse. The company said it is investing in more robust content filtering and abuse detection mechanisms within Gemini and its other AI products. It is also sharing threat intelligence with industry partners and government agencies to help build a collective defense against AI-powered threats. Google’s Threat Intelligence Group has committed to publishing regular updates on adversarial AI trends, aiming to keep the cybersecurity community informed and prepared.

The GTIG report also serves as a call to action for the broader technology industry. As AI models become more powerful and widely accessible — not just through Google, but via OpenAI, Meta, Anthropic, and a growing roster of open-source projects — the potential for misuse scales accordingly. Industry leaders face a difficult balancing act: making AI tools broadly available to drive innovation and economic growth while preventing those same tools from becoming force multipliers for criminals and hostile governments. The challenge is compounded by the proliferation of open-source models, which lack the centralized safety controls that companies like Google can impose on their proprietary platforms.

What Enterprises and Defenders Must Do Now

For chief information security officers and enterprise security teams, the implications of the GTIG report are immediate and practical. Organizations must update their threat models to account for AI-enhanced attacks, which are likely to be faster, more personalized, and more difficult to detect than their predecessors. Phishing simulations and employee training programs should incorporate examples of AI-generated lures, which often lack the grammatical errors and formatting inconsistencies that have traditionally served as red flags.

Investments in AI-powered defensive tools are also becoming essential. Just as attackers are using AI to sharpen their offensive capabilities, defenders must leverage the same technology to improve threat detection, automate incident response, and analyze the vast volumes of data generated by modern enterprise networks. The arms race between AI-powered offense and defense is likely to define cybersecurity strategy for years to come.

The Stakes Have Never Been Higher

The Google Threat Intelligence Group’s latest findings confirm what many in the security community have long feared: the era of AI-augmented cybercrime is no longer approaching — it has arrived. The transition from experimentation to operational deployment by both state-sponsored and financially motivated threat actors marks a turning point. As generative AI continues to evolve and proliferate, the window for building effective defenses is narrowing. The report is a stark reminder that innovation in AI is a double-edged sword, and the cybersecurity community must move with equal speed and ingenuity to blunt its misuse.

For now, the burden falls on AI developers, governments, and enterprises alike to collaborate in ways that match the ambition and adaptability of the adversaries they face. The alternative — a world in which AI-powered attacks routinely overwhelm defenses — is one that no stakeholder can afford.