ADVERTISEMENT

Threat actors manipulating AI to “enhance all stages” of malicious attacks, Google intel warns

From ransomware and credential stealing to new malware strains, even posing as capture-the-flag (CTF) participants to manipulate chatbots, threat actors are officially embracing AI tools like never before, enhancing all stages of the cyberattack lifecycle, Google threat intelligence warns.

hackers, chairs, pc

Image by Cybernews.

Stefanie Schappert
Stefanie Schappert Senior Journalist
Nov 5, 2025 Updated: 6 November 2025 4 min read
Key takeaways:
Chrome Gemini AI features
Image by Cybernews

Autonomous and adaptive malware

Google threat intel finds AI malware
Image by Google Threat Intelligence Group (GTIG).

Behind the power curve

Gemini AI attack
Image by Cybernews.
ADVERTISEMENT

"CTF players" use chatbots for mass exploitation

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.
Google threat intel finds AI criminal tools on marketplace
Capabilities of notable AI tools and services advertised in English- and Russian-language underground forums. Image by Google Threat Intelligence Group (GTIG).

AI throughout entire lifecycle

Google threat intel -North Korean nation-state actor using Gemini
North Korean UNC4899 (aka PUKCHONG) misuse of Gemini across the attack lifecycle. Image by Google Threat Intelligence Group (GTIG).
ADVERTISEMENT