Our report on adversarial misuse of AI, highlighting model extraction, augmented attacks, and new AI-enabled malware.

Google Cloud Platform provides a suite of cloud computing services for building, deploying, and managing applications and infrastructure on Google's global network. Developers can learn about cloud-native development, machine learning, and big data analytics to leverage GCP's scalable and reliable cloud infrastructure for their projects.

Google Cloud

Google's Threat Intelligence Group reports increasing adversarial misuse of AI in Q4 2025, including model extraction attacks attempting to steal proprietary AI capabilities, government-backed threat actors using LLMs for reconnaissance and phishing, and experimental AI-integrated malware like HONESTCUE that leverages Gemini's API for code generation. While no breakthrough capabilities emerged, threat actors from DPRK, Iran, China, and Russia are operationalizing AI across the attack lifecycle—from target profiling to malware development. Google disrupted multiple campaigns by disabling associated accounts and continues strengthening model safeguards against misuse.

GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use

Direct Model Risks: Disrupting Model Extraction Attacks