GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access
Summary
Threat actors are increasingly using AI and large language models (LLMs, systems trained on massive amounts of text to generate human-like responses) to discover vulnerabilities, create malware, and conduct cyberattacks at industrial scale; groups linked to China, North Korea, and Russia have demonstrated significant AI-enabled capabilities. AI serves both as an attack tool (for generating exploits, evading defenses, and creating deepfakes) and as a target for compromise, with attackers seeking unauthorized access to AI systems through supply chain attacks and illicit model access. Google's Threat Intelligence Group reports that these threats are advancing from experimental to mature operations, including autonomous malware such as PROMPTSPY that can dynamically adapt to victim systems.
Solution / Mitigation
Google mitigates AI model abuse by disabling malicious accounts that access Gemini. Additionally, Google employs AI agents such as Big Sleep to identify software vulnerabilities and uses Gemini's reasoning capabilities through CodeMender to automatically fix vulnerabilities, while enhancing product safeguards to offer scaled protections to users.
Original source: https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access/
First tracked: May 11, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 92%