AI-Enabled Malware Is No Longer Theoretical

Our team at Google Threat Intelligence Group (GTIG) just published our new AI Threat Tracker report. Adversaries are moving beyond using AI for productivity gains and are now deploying novel AI-enabled malware in active operations.

This marks a new phase of AI abuse, involving tools that leverage LLMs mid-execution to dynamically alter their behavior, generate malicious code, and evade detection.

A few key findings:

• First observation of “just-in-time” AI malware, like APT28’s PROMPTSTEAL, using LLMs in live operations.
• Discovery of experimental malware PROMPTFLUX using the Gemini API to attempt self-modification and evade detection.
• Actors are social engineering AI models, posing as students in a CTF competition to bypass safety guardrails.
• A maturing criminal marketplace for illicit, purpose-built AI tools is lowering the barrier for entry for less-skilled actors.

We are actively disrupting these actors, disabling associated assets, and continuously feeding these insights back to Google DeepMind to strengthen our classifiers and model safeguards against misuse.

• Blog: https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools
• Full report: https://services.google.com/fh/files/misc/advances-in-threat-actor-usage-of-ai-tools-en.pdf