The Google Threat Intelligence Group (GTIG) report outlines a significant shift in the cyber threat landscape, where adversaries have transitioned from experimental AI usage to industrial-scale application of generative models. Key findings include the discovery of AI-assisted zero-day exploits used by criminal actors and a growing interest from state-sponsored groups in the PRC and DPRK for vulnerability research. These actors are utilizing specialized datasets and agentic tools to automate exploit development and bypass traditional security scanners.
Beyond exploit development, threat actors are leveraging AI to orchestrate autonomous attacks and evade detection. The PROMPTSPY Android backdoor exemplifies this trend, using the Gemini API to navigate user interfaces and execute commands without human intervention. Additionally, groups like APT27 and various Russia-nexus actors are employing AI-generated decoy code and polymorphic techniques to camouflage malware activity. The report also highlights a rise in supply chain attacks targeting AI infrastructure, emphasizing the need for robust security frameworks like Google’s Secure AI Framework (SAIF) to protect the evolving AI software ecosystem.
Top comments (0)