China’s APT31 Uses Google’s AI Chatbot Gemini for Cyberattacks

A Chinese government hacking group sanctioned by the US has used Google’s AI chatbot Gemini to analyze vulnerabilities and plan cyberattacks against US organizations. This group, known as APT31 or Violet Typhoon, has been linked to exploiting Microsoft SharePoint bugs and has been accused of breaking into computer networks, email accounts, and cloud storage.

Using Gemini, the attackers automated the analysis of vulnerabilities and generated targeted testing plans. They also used an open-source tool called Hexstrike to analyze various exploits and identify technological weaknesses.

Google has since disabled accounts linked to this campaign. The company warns that attackers are increasingly using AI tools like Gemini and Hexstrike to support semi-autonomous offensive operations, making it harder for defenders to keep up.

The report highlights the threat of “distillation attacks,” in which attackers attempt to extract insights into a model’s underlying reasoning and chain-of-thought processes to gain access to its technology. Doing so allows them to accelerate AI model development at a lower cost.

Google is concerned about the ability of attackers to operate across different intrusions and automate vulnerability exploitation, giving them an advantage over defenders. The company believes it needs to leverage AI to respond more quickly to security threats than humans can on their own.

Source: https://www.theregister.com/2026/02/12/google_china_apt31_gemini