Adversaries Embed AI Into Live Attack Workflows

Google Cloud's AI Threat Tracker and Google Threat Intelligence Group recently report that adversaries are increasingly integrating AI into active cyberattacks, with rising model-extraction ('distillation') attempts and malware calling commercial models like Gemini via API. The assessment documents state-aligned and criminal actors automating reconnaissance, vulnerability mapping, and tailored social engineering, signaling a shift toward operationalized AI threats that complicate detection and protection strategies.
Key Points
- 1Observe increased model-extraction (distillation) attempts targeting commercial generative systems like Gemini via API
- 2Indicate state-aligned and criminal groups embed AI across intrusion lifecycles for automated recon and tailored social engineering
- 3Require defenders to detect runtime model calls, protect model endpoints, and assume reduced static malware footprints
Scoring Rationale
Official Google reporting and wide industry scope increase impact; limited public technical detail and mitigation guidance slightly reduce score.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems

