
TrendAI details Gemini CLI-assisted botnet migration completed in six minutes
TrendAI says a new analysis of more than two hundred Gemini CLI session logs shows a Russian-speaking threat actor using the coding agent to migrate and operate command-and-control infrastructure for a small botnet. According to the researchers, the actor supplied high-level instructions while the agent handled architecture, code, deployment and debugging, completing the server migration in six minutes. The Register independently reported on the same TrendAI study and interviewed the company, but neither outlet independently verified the vendor-held logs or affected systems. This is a technical follow-up to earlier coverage of the Patriot Bait influence and fraud campaign, not a new Google product vulnerability. The practical risk is agentic tooling compressing operational work for a low-skill attacker, while the evidence remains a vendor research finding that should be read with attribution.














