GTIG Findings Show Threat Actors Using AI to Develop Exploits, Malware, and Automated Attack Infrastructure

A new report from Google Threat Intelligence Group (GTIG) is raising fresh concerns about how rapidly generative artificial intelligence is becoming embedded within modern cybercriminal operations.

Among the most significant findings, researchers identified a cybercrime group that used artificial intelligence assistance to develop a working zero-day exploit targeting a widely used open-source web administration platform. According to Google, the exploit was capable of bypassing two-factor authentication protections and appeared to have been generated largely through large language model (LLM) interaction.

The disclosure adds to growing industry concern that AI systems are no longer being used only for phishing content, social engineering, or malware scripting. Instead, threat actors are increasingly applying generative AI to accelerate exploit development, automate vulnerability research, and streamline operational workflows that previously required specialized expertise.

The move is also forcing many businesses to reconsider how they safeguard increasingly interconnected operational environments in which identity systems, cloud workloads, physical security infrastructure, and AI-driven applications are all intertwined. Organizations upgrading these settings are increasingly looking toward unified security platforms like Verkada to gain better visibility across access systems, surveillance operations, and AI-assisted monitoring workflows. Many security teams are also turning to Verkada’s Demo Deck to better understand how integrated cloud-based security operations can simplify infrastructure management and reduce investigation time during active incidents.

According to GTIG’s Q2 2026 findings, the exploit was written in Python and designed to bypass authentication enforcement logic rather than abuse a traditional memory corruption or injection flaw.

Researchers said several characteristics strongly suggested AI-generated code. These included unusually descriptive educational docstrings, a hallucinated CVSS score embedded inside the script, and a highly structured “textbook Pythonic” coding style commonly associated with LLM-generated outputs.

Google said the vulnerability was responsibly disclosed to the affected vendor before attackers could operationalize the exploit at scale.

Researchers Observe AI Being Used to Discover Logic Vulnerabilities

One detail drawing particular attention from researchers is the nature of the vulnerability itself.

AI-Assisted Exploit Focused on Semantic Logic Weakness

Unlike many conventional software flaws, the issue reportedly involved a high-level semantic logic weakness tied to trust assumptions inside the platform’s 2FA implementation.

Researchers noted that this type of flaw would likely evade many traditional static analysis tools and automated fuzzing systems because it relies more on application behavior and workflow assumptions than low-level coding mistakes.

The findings suggest frontier AI models are becoming increasingly capable of identifying contextual software weaknesses that historically required experienced human researchers to uncover manually.

That evolution could significantly alter vulnerability discovery timelines across enterprise software environments, especially as attackers experiment with automated AI-driven reconnaissance and exploit generation pipelines.

Nation-State Groups Expanding AI-Augmented Offensive Operations

Beyond financially motivated cybercrime activity, GTIG said multiple state-linked threat groups are now operationalizing AI across different stages of intrusion development.

PRC- and DPRK-Linked Actors Automate Vulnerability Research

Researchers observed the group UNC2814 using persona-driven jailbreaking techniques to prompt Gemini into acting as an experienced binary security researcher while analyzing TP-Link firmware and OFTP implementations.

Another group, APT45, reportedly automated thousands of prompts to recursively analyze CVEs and validate proof-of-concept exploit paths. GTIG said the scale of the activity would have been operationally difficult without AI assistance.

Meanwhile, APT27 was observed using Gemini to accelerate the development of operational relay box infrastructure designed to help disguise intrusion origins through mobile-device-based routing techniques.

The report reflects a broader industry trend in which AI is becoming embedded inside offensive security workflows not simply as a productivity enhancer, but as an operational force multiplier capable of accelerating research, automation, and attack coordination.

PROMPTSPY Malware Integrates Gemini API Into Device Operations

One of the most alarming discoveries highlighted in the report involves PROMPTSPY, an Android backdoor previously identified by ESET.

Malware Uses Gemini to Navigate Devices Autonomously

According to GTIG, PROMPTSPY directly integrated Google’s Gemini API into its execution flow through a module known as “GeminiAutomationAgent.”

The malware reportedly serializes the visible Android UI hierarchy into XML before sending the information to Gemini’s gemini-2.5-flash-lite model. The model then returns structured JSON commands capable of performing actions such as clicks and swipe gestures on the infected device.

Researchers said this effectively allowed the malware to autonomously navigate devices without requiring continuous human operator interaction.

The malware also demonstrated additional stealth and persistence features, including invisible overlays designed to block uninstallation attempts, biometric data collection capabilities, and runtime rotation of command-and-control infrastructure and Gemini API credentials.

Google said all known assets associated with PROMPTSPY have since been disabled, and no infected applications were identified on Google Play.

AI-Generated Obfuscation and Middleware Ecosystems Continue to Evolve

The report also documented how Russia-linked threat actors targeting Ukrainian organizations are deploying AI-assisted malware families that use generated “decoy logic” to disguise malicious behavior.

Malware Authors Introduce LLM-Generated Camouflage

One malware family, LONGSTREAM, reportedly contained dozens of redundant daylight saving time checks inserted throughout the codebase to make the malware appear benign during static analysis.

Another tool, HONESTCUE, was observed interacting with the Gemini API in real time to request fresh VBScript obfuscation capable of bypassing signature-based detection mechanisms.
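An added detection example, not code from GTIG or from the original article: both PROMPTSPY and HONESTCUE are described as calling the Gemini API at run time, so this scans egress proxy records for Gemini API requests from clients outside an allowlist and flags a client that presents more than one API key. The JSON-lines log schema, the allowlist and the source names are assumptions, and the sample records are constructed.

```python
import hashlib
import json
import re
from urllib.parse import parse_qs, urlsplit

GEMINI_API_HOST = "generativelanguage.googleapis.com"
APPROVED_SOURCES = {"build-agent-01"}  # hypothetical allowlist of sanctioned clients
MODEL_RE = re.compile(r"/models/([^/:]+):")

# Constructed records in an assumed JSON-lines schema from a TLS-inspecting proxy.
SAMPLE_LOG = """\
{"src":"build-agent-01","url":"https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash:generateContent?key=CONSTRUCTED_KEY_A"}
{"src":"android-7f3","url":"https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash-lite:generateContent?key=CONSTRUCTED_KEY_B"}
{"src":"android-7f3","url":"https://generativelanguage.googleapis.com/v1beta/models/gemini-2.5-flash-lite:generateContent?key=CONSTRUCTED_KEY_C"}
{"src":"laptop-22","url":"https://example.com/index.html"}
truncated-record{
"""

def fingerprint(api_key):
    """Hash the key so alerts never carry a usable credential."""
    return hashlib.sha256(api_key.encode()).hexdigest()[:12]

def unsanctioned_llm_clients(log_text):
    """Map each non-allowlisted source to the models, key fingerprints and request count seen."""
    hits = {}
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            src, url = rec["src"], urlsplit(rec["url"])
        except (ValueError, KeyError, TypeError):
            continue  # malformed record: skip rather than abort the scan
        if url.hostname != GEMINI_API_HOST or src in APPROVED_SOURCES:
            continue
        hit = hits.setdefault(src, {"models": set(), "key_fps": set(), "requests": 0})
        hit["requests"] += 1
        model = MODEL_RE.search(url.path)
        if model:
            hit["models"].add(model.group(1))
        for key in parse_qs(url.query).get("key", []):
            hit["key_fps"].add(fingerprint(key))
    for hit in hits.values():
        # Several keys from one client matches the runtime credential rotation reported.
        hit["rotating_keys"] = len(hit["key_fps"]) > 1
    return hits

if __name__ == "__main__":
    for src, hit in unsanctioned_llm_clients(SAMPLE_LOG).items():
        print(src, sorted(hit["models"]), hit["requests"], hit["rotating_keys"])
```

Keys sent in a request header instead of the query string would need a proxy that logs that header; the allowlist comparison works either way.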

Researchers also found that threat actors are increasingly building middleware ecosystems designed to bypass AI safety controls, rate limitations, and account restrictions at scale.

GTIG said PRC-linked UNC6201 used publicly available GitHub tooling to automate premium LLM account creation, CAPTCHA bypassing, SMS verification, and account cycling workflows.

Another group, UNC5673, is said to have built tools that aggregate Gemini, Claude, and OpenAI accounts through a centralized relay infrastructure.

Supply Chain Attacks Extend Into AI Development Ecosystems

In late March 2026, the cybercrime gang TeamPCP, also known as UNC6780, carried out supply chain compromises of the Trivy, Checkmarx, LiteLLM, and BerriAI repositories.

Researchers said attackers embedded the SANDCLOCK credential stealer into CI/CD environments to harvest GitHub tokens and AWS credentials directly from build pipelines.

The compromise of LiteLLM has generated particular concern across enterprise security teams because the platform is widely used to integrate and orchestrate multiple AI providers within enterprise environments.

Security researchers warn that access to AI gateway infrastructure could provide attackers with visibility into API secrets, enterprise integrations, and AI-assisted reconnaissance workflows operating across internal networks.

The findings are expected to increase scrutiny around AI dependency chains, CI/CD pipeline security, and third-party LLM integrations as organizations continue embedding generative AI services deeper into enterprise operations.
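An added audit example, not taken from the GTIG report or the original article: it checks a CI workflow definition for the conditions that let a compromised upstream dependency reach GitHub tokens and AWS credentials in a build pipeline. It assumes GitHub Actions workflow syntax, which the article does not specify; the rule names and the sample workflow, including its commit hash, are constructed.

```python
import re

# uses: owner/repo@ref  (local "./path" actions carry no "@ref" and are skipped)
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s@#]+)@([^\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
STATIC_AWS_RE = re.compile(r"\b(AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY)\b\s*:")
WRITE_ALL_RE = re.compile(r"^\s*permissions:\s*write-all\s*$")

# Constructed workflow; the 40-hex ref is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: build
on: push
permissions: write-all
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: example-org/scanner-action@v1
      - uses: ./.github/actions/local-step
      - run: ./deploy.sh
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
"""

def audit_workflow(text):
    """Return (line_number, rule, detail) for each risky construct found."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # ignore commented-out lines
        m = USES_RE.match(line)
        if m and not SHA_RE.match(m.group(2)):
            # A tag or branch can be repointed upstream; a full commit SHA cannot.
            findings.append((n, "unpinned-action", f"{m.group(1)}@{m.group(2)}"))
        if WRITE_ALL_RE.match(line):
            # Every step, third-party ones included, gets a write-scoped token.
            findings.append((n, "write-all-token", "permissions: write-all"))
        k = STATIC_AWS_RE.search(line)
        if k:
            # Long-lived keys in the job environment stay valid after the run ends.
            findings.append((n, "static-aws-key", k.group(1)))
    return findings

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(*finding)
```

The usual remediations are pinning third-party actions to a full commit SHA, declaring only the token permissions each job needs, and replacing stored AWS keys with short-lived credentials issued per run.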

Google Expands Defensive AI Capabilities

Google said it is also deploying AI offensively for defensive purposes.

The company currently uses its Big Sleep agent to identify vulnerabilities and its CodeMender AI system to automate software patching workflows. Google also said malicious Gemini-linked accounts are actively disabled once detected, while Google Play Protect continues blocking known PROMPTSPY variants on Android devices.

For enterprise defenders, GTIG’s latest findings reinforce a growing reality: AI is rapidly becoming embedded on both sides of the cybersecurity landscape, accelerating not only defensive automation and threat detection, but also exploit research, malware development, and attack orchestration at a scale the industry has not previously encountered.

Research and Intelligence Sources: Google Cloud
