Cybercriminals Increasing AI Use Across Attack Lifecycle, Google Warns
Google threat intelligence has identified a significant rise in cybercriminals employing AI tools to improve every phase of their attack strategies. These range from deploying ransomware and stealing credentials to creating novel malware variants.
Enhanced AI Adoption in Cyberattacks
Threat actors, including nation-state groups and less sophisticated hackers, are now in a "new operational phase of AI abuse." They integrate artificial intelligence deeply throughout the entire cyberattack lifecycle, pushing beyond traditional methods.
Examples of AI Abuse in Cybercrime
- Using AI-generated malware to evade detection
- Manipulating chatbots by pretending to be capture-the-flag (CTF) participants
- Exploiting large language models (LLMs) like Google's Gemini AI Assistant for malicious purposes
Google’s Analysis and Recommendations
In an update to its Adversarial Misuse of Generative AI report from early 2025, the Google Threat Intelligence Group (GTIG) details these emerging threats and advises cybersecurity teams on countermeasures to reinforce defenses against AI-driven attacks.
"Attackers over the past twelve months, from low-level vibe coders to nation-state actors, have been observed moving into 'a new operational phase of AI abuse'—one that is integrating and experimenting with AI, not only across the industry but throughout the entire attack lifecycle."
The full report, published on Wednesday, offers guidance to security professionals on mitigating risks associated with AI misuse.
Author's Summary
Cybercriminals increasingly exploit AI throughout their attack processes, prompting Google to warn and provide strategies to strengthen defenses against evolving threats.