• GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools Google Threat Intelligence Group Google Threat Intelligence Visibility and context on the threats that matter most. • Contact Us & Get a DemoExecutive Summary Based on recent analysis of the broader threat landscape, Google Threat Intelligence Group (GTIG) has identified a shift that occurred within the last year: adversaries are no longer leveraging artificial intelligence (AI) just for productivity gains, they are deploying novel AI-enabled malware in active operations. • This marks a new operational phase of AI abuse, involving tools that dynamically alter behavior mid-execution. • This report serves as an update to our January 2025 analysis, “Adversarial Misuse of Generative AI,” and details how government-backed threat actors and cyber criminals are integrating and experimenting with AI across the industry throughout the entire attack lifecycle. • Our findings are based on the broader threat landscape. • At Google, we are committed to developing AI responsibly and take proactive steps to disrupt malicious activity by disabling the projects and accounts associated with bad actors, while continuously improving our models to make them less susceptible to misuse.
Article Summaries:
- Google Threat Intelligence Group (GTIG) reports a new phase in AI abuse: adversaries are deploying “just‑in‑time” AI‑enabled malware that generates malicious code on the fly. Families such as PROMPTFLUX and PROMPTSTEAL use large language models during execution to obfuscate themselves and create functions dynamically, marking a move toward autonomous threats. Attackers also employ social‑engineering prompts to trick AI safety guardrails, while an underground marketplace now sells multifunctional AI tools for phishing, malware, and vulnerability research. State‑backed actors from North Korea, Iran, and China continue to use Gemini‑powered tools across the full attack lifecycle. Google notes it has disabled malicious projects and is tightening its own models to curb misuse.
Sources: