GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use

• GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use Google Threat Intelligence Group Google Threat Intelligence Visibility and context on the threats that matter most. • Contact Us & Get a DemoIntroduction In the final quarter of 2025, Google Threat Intelligence Group (GTIG) observed threat actors increasingly integrating artificial intelligence (AI) to accelerate the attack lifecycle, achieving productivity gains in reconnaissance, social engineering, and malware development. • This report serves as an update to our November 2025 findings regarding the advances in threat actor usage of AI tools. • By identifying these early indicators and offensive proofs of concept, GTIG aims to arm defenders with the intelligence necessary to anticipate the next phase of AI-enabled threats, proactively thwart malicious activity, and continually strengthen both our classifiers and model. • Executive Summary Google DeepMind and GTIG have identified an increase in model extraction attempts or “distillation attacks,” a method of intellectual property theft that violates Google’s terms of service. • Throughout this report we’ve noted steps we’ve taken to thwart malicious activity, including Google detecting, disrupting, and mitigating model extraction activity.

Article Summaries:

• Google Threat Intelligence Group (GTIG) reports a sharp rise in AI‑enabled attacks in Q4 2025. Threat actors are using large language models for reconnaissance, phishing, and rapid malware development, with state‑backed groups from DPRK, Iran, China, and Russia leading the effort. The most common technique is “distillation” or model‑extraction attacks, which clone proprietary AI logic. New malware families, such as HONESTCUE, exploit Gemini’s API to generate code for secondary payloads. Underground services like Xanthorox offer “jailbroken” models that rely on commercial APIs. GTIG is actively disrupting these activities and tightening its own models to reduce susceptibility.
• Google’s Threat Intelligence Group (GTIG) released a Q4 2025 update noting a surge in adversaries using artificial intelligence to speed up attacks. The report highlights rising “distillation” or model‑extraction attacks aimed at stealing proprietary AI models, and documents how state‑backed actors from DPRK, Iran, China and Russia are employing large language models for reconnaissance, phishing and rapid malware development. New malware families, such as HONESTCUE, now use Gemini APIs to generate code for secondary payloads, while underground services claim independent models but rely on jailbroken commercial APIs. GTIG stresses ongoing efforts to detect, disrupt and mitigate these AI‑enabled threats.

Sources:

• https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use/