Foreign hackers are increasingly leveraging artificial intelligence technologies to enhance the efficiency of cyberattacks against targets worldwide, including the United States. According to Google, dozens of hacking groups across more than 20 countries have turned to the Gemini chatbot over the past year to assist in writing malicious code, identifying vulnerabilities, and gathering intelligence on potential victims.
For the first time, experts have provided a detailed account of how foreign adversaries are incorporating generative AI into their operations. Until now, Western analysts’ warnings about potential threats remained largely theoretical. It has now emerged that groups affiliated with China, Iran, and North Korea have been using Gemini primarily as an auxiliary tool to boost productivity rather than to develop fundamentally new hacking methods.
Google asserts that while AI is not yet a universal solution for cybercriminals, it enables them to operate with greater speed and efficiency. Last year, OpenAI also detected activity from five foreign hacking groups utilizing ChatGPT and subsequently blocked their accounts.
Among the most active adopters of Gemini are China and Iran. More than 20 Chinese and 10 Iranian groups have exploited the chatbot for reconnaissance, crafting phishing attacks, and studying methods of covert network infiltration. Iranian hackers have employed Gemini to analyze defense firms and generate content in English, Hebrew, and Farsi. Meanwhile, Chinese threat actors have focused on refining techniques for stealthy data exfiltration and privilege escalation within compromised systems.
North Korean hackers have used AI to fabricate fake résumés and cover letters to infiltrate Western companies, seeking to generate financial support for the country’s nuclear program.
Adding to the growing concerns is the emergence of the Chinese AI model DeepSeek, which, unlike Google’s and OpenAI’s proprietary solutions, has been released as open-source software. Because an openly released model is not subject to a provider’s restrictions, it is impossible to monitor its use, potentially allowing it to be applied to cyberattacks without limits.
Amid these escalating threats, Google has urged the United States to tighten export controls on advanced semiconductors and simplify access to AI-powered services for national defense. The company emphasized that America’s leadership in AI will be jeopardized unless the government takes immediate action.