Google Threat Intelligence Finds State-Sponsored Hackers Using Gemini AI Across Full Attack Lifecycle

Summary

Google's Threat Intelligence Group (GTIG) published research on February 13, 2026 revealing that state-sponsored hacking groups from China, Iran, North Korea, and Russia are actively using Google's Gemini AI model to enhance cyber operations across all stages of the attack lifecycle -- from reconnaissance to malware development to post-compromise actions. This represents one of the most detailed public disclosures of how adversarial nation-states are weaponizing commercial AI tools. Specific th