Hackers haven’t replaced humans with AI yet, but they’re certainly trying

Published: 13 February 2026
Last updated: 17 February 2026
AI threat actor
Image by Mdisk | Shutterstock

Cybercriminals and state-sponsored hacking groups are increasingly using artificial intelligence (AI) to carry out cyberattacks or phishing campaigns.

Google first reported that attackers were testing AI tools in real-world operations in late 2025. The latest Google Threat Intelligence report suggests that experimentation is continuing and maturing.

According to Google’s Threat Intelligence Group (GTIG) and Google DeepMind, the use of AI hasn’t yet led to game-changing attacks or “breakthrough capabilities” that fundamentally alter the threat landscape.

ADVERTISEMENT

Instead, cybercriminals, scammers, and hackers are experimenting with AI and gradually integrating the technology into their operations to improve familiar tactics, including researching potential victims, drafting phishing emails, summarizing open-source intelligence, and assisting with vulnerability analysis.

hacker-with-file
Image by Cybernews

For state-sponsored threat actors from countries such as China, Iran, North Korea, and Russia, large-language models (LLMs) have become essential tools to perform so-called “distillation attacks.”

In such a scenario, a threat actor uses access to mature LLMs in an attempt to extract knowledge on hacking techniques to train a new AI model. For example, APT 31, a Chinese-based threat actor, used Google’s AI chatbot Gemini to analyze vulnerabilities and plan cyberattacks against US organizations.

“This automated intelligence gathering is used to identify technological vulnerabilities and organizational defense weaknesses. This activity explicitly blurs the line between a routine security assessment query and a targeted malicious reconnaissance operation,” the report says.

Researchers found a growing interest in so-called agentic AI utilities among threat actors to support their intrusion activities. For now, systems that are capable of automation and AI decision-making aren’t fully operational. However, in the near future, such systems could lower the barrier for less skilled attackers.

Have thoughts about this topic? Others do, too. Join them in the discussion.

ADVERTISEMENT

The threat landscape is slowly shifting. This doesn’t mean businesses and organizations should immediately worry – rather, they should keep faith in traditional cybersecurity tools, such as employee awareness training, phishing detection, patch management, and strong authentication.

At the same time, cybersecurity experts may increasingly need to rely on AI-powered security tools to keep up with cybercriminals, hackers, and other threat actors who are steadily integrating AI into their operations.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT