Google GTIG Reports State-Sponsored Hackers Weaponizing Gemini AI Across Full Attack Lifecycle
Published 2026-02-12AI Regulation and GovernanceHigh
Summary
Google's Threat Intelligence Group (GTIG) published a report on February 12 documenting how state-sponsored hacking groups from China, Iran, North Korea, and Russia are systematically using AI models — particularly Google's Gemini — across the full attack lifecycle. The report identifies specific threat actors including APT31 and APT41 (China), APT42 (Iran), UNC2970/Lazarus Group (North Korea), and Russian-linked groups using Gemini for target reconnaissance, phishing lure generation, vulnerabil
Alignment: Reinforces current position
Related Positions: ai-governance-and-risk.md
googlegtigstate-sponsored-hackersgeminicybersecurityapt31apt42lazarus-groupmalwarehonestcuephishingai-securitythreat-intelligence