11 votes

Google's quarterly report on adversarial use of AI for Q4 2025

2 comments

  1. skybrian
    From the article:

    Google DeepMind and GTIG have identified an increase in model extraction attempts or "distillation attacks" [...] we observed and mitigated frequent model extraction attacks from private sector entities all over the world [...].

    [...] This quarterly report highlights how threat actors from the Democratic People's Republic of Korea (DPRK), Iran, the People's Republic of China (PRC), and Russia operationalized AI in late 2025 and improves our understanding of how adversarial misuse of generative AI shows up in campaigns we disrupt in the wild. GTIG has not yet observed APT or information operations (IO) actors achieving breakthrough capabilities that fundamentally alter the threat landscape.

    ...

    State-sponsored actors continue to misuse Gemini to enhance all stages of their operations, from reconnaissance and phishing lure creation to command-and-control (C2 or C&C) development and data exfiltration. We have also observed activity demonstrating an interest in using agentic AI capabilities to support campaigns, such as prompting Gemini with an expert cybersecurity persona, or attempting to create an AI-integrated code auditing capability.

    5 votes
  2. hamitosis
    Thanks for posting this. I’m so glad the Google TIG are working on this and publishing and sharing their learnings.

    And from reading, I’m glad to see, but honestly surprised, that there haven’t been larger-scale agentic attacks.

    As the open-source models improve or are “jailbroken” via distillation from Gemini or Opus, as mentioned in the article, in not many cycles powerful reasoning models will run on consumer-grade compute. When that happens, imagine agentic adversaries deployed across a bot network like we’ve seen in large-scale DDoS attacks.

    3 votes