Cybercriminals Increasing AI Usage in Attacks, Warns Google Intel
Threat actors are significantly expanding their use of AI tools to improve every phase of cyberattacks, from malware deployment to credential theft, according to Google threat intelligence.
Cybercriminals now harness AI in diverse ways, including ransomware creation, developing new malware variants, and even impersonating capture-the-flag (CTF) participants to manipulate chatbots. This marks a clear evolution in their methods, leveraging AI more deeply throughout the attack lifecycle.
Shift in Cybercriminal AI Strategies
In an updated report titled Adversarial Misuse of Generative AI, published early in 2025, Google's threat intelligence team describes a notable transformation in how cybercriminals exploit AI technology.
"Over the past twelve months, from low-level coders to nation-state actors, attackers have entered a new operational phase of AI abuse, integrating and experimenting with AI across the industry and throughout the entire attack lifecycle."
The Google Threat Intelligence Group (GTIG) detailed these findings in a blog post released on Wednesday, highlighting the emerging risks posed by AI misuse.
Recommendations for Cybersecurity Teams
- Implement stronger defenses against large language model (LLM) exploitation.
- Pay particular attention to threats related to Google’s Gemini AI Assistant.
- Regularly update security protocols to address evolving AI-enhanced attack methods.
The report urges cybersecurity teams to adopt proactive measures to protect their systems from these advancing AI-driven threats.
"The integration and experimentation with AI by threat actors are affecting the entire lifecycle of cyberattacks, demanding enhanced security responses."
Author's Summary: Google intelligence reveals cybercriminals are rapidly adopting AI technologies to improve all stages of cyberattacks, urging security teams to strengthen defenses against AI-driven threats.