Cybercriminals Increasing AI Use in Cyberattacks, Google Warns
Google threat intelligence reveals that cybercriminals are increasingly adopting AI tools to enhance every phase of their attack strategies. This includes activities like ransomware deployment, credential theft, new forms of malware, and even impersonation of capture-the-flag (CTF) participants to manipulate chatbots.
Shift in AI Exploitation by Threat Actors
In an update to its Adversarial Misuse of Generative AI report published early in 2025, Google Threat Intelligence Group (GTIG) highlighted a significant change in how cybercriminals leverage artificial intelligence. Over the past year, attackers ranging from low-level coders to nation-states have entered a "new operational phase of AI abuse," integrating AI technology throughout the entire cyberattack lifecycle.
“Attackers have been observed moving into a new operational phase of AI abuse, integrating and experimenting with AI across the industry and throughout the entire attack lifecycle.”
Details from Google Threat Intelligence Group
GTIG published these findings in a detailed blog post on Wednesday, outlining the evolving tactics cybercriminals use to exploit AI capabilities. The report also offers practical advice for cybersecurity teams on how to strengthen defenses against these emerging threats.
- Abuse of large language models (LLMs)
- Exploitation of Google’s Gemini AI Assistant
- Use of AI to create new malware strains
- Manipulating chatbots by posing as CTF competitors
Protective Measures and Recommendations
The blog provides guidance for security professionals to mitigate AI-driven attacks, emphasizing proactive system hardening against the misuse of generative and assistive AI technologies.
“The report provides cybersecurity teams with steps to harden systems against these new threats, including abuse of LLMs and Google’s Gemini AI Assistant.”
Summary: Cybercriminals are rapidly advancing their use of AI to optimize cyberattacks across all stages, prompting Google to urge enhanced defensive measures against these evolving AI-powered threats.