Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CISA: Preparing Critical Infrastructure for Post-Quantum Cryptography
August 24, 2022
Nation-states and private companies are actively pursuing the capabilities of quantum computers. Quantum computing opens up exciting new possibilities; however, the consequences of this new technology include threats to the current cryptographic standards. These standards ensure data confidentiality and integrity and support key elements of network security. While quantum computing technology capable of breaking public ...
- Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
August 24, 2022
There have already been reports on code-signed rootkits like Netfilter, FiveSys, and Fire Chili. These rootkits are usually signed with stolen certificates or are falsely validated. However, when a legitimate driver is used as a rootkit, that’s a different story. Such is the case of mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game ...
- New ‘Donut Leaks’ extortion gang linked to recent ransomware attacks
August 23, 2022
A new data extortion group named ‘Donut Leaks’ is linked to recent cyberattacks, including those on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando. Two victims disclosed these attacks without much information regarding who was involved. Over the weekend, DESFA confirmed they suffered a cyberattack after Ragnar Locker leaked screenshots ...
- Legitimate SaaS Platforms Being Used to Host Phishing Attacks
August 23, 2022
Instead of creating phishing pages from scratch, more and more cybercriminals are now abusing legitimate software-as-a-service (SaaS) platforms, including various website builders or form builders, to host their phishing pages. Since these URLs are hosted on legitimate domains, they can be especially difficult for many phishing detection engines to detect. Furthermore, these platforms typically require ...
- Colorado: Cyber attack hits Fremont County government
August 23, 2022
Fremont County government services are being impacted by a cyber attack that began last week. According to a Facebook post made by Fremont County Emergency Management, county officials became aware of the attack, which was impacting county government systems, on Wednesday, Aug. 17. An incident response team led by Fremont County Emergency Management and the Governor’s Office ...
- New Iranian APT data extraction tool
August 23, 2022
As part of TAG’s mission to counter serious threats to Google and our users, they’ve analyzed a range of persistent threats including APT35 and Charming Kitten, an Iranian government-backed group that regularly targets high risk users. For years, Google TAG have been countering this group’s efforts to hijack accounts, deploy malware, and their use of ...