Signal

Google warns threat actors are using gemini for recon and attack support

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-02-12 07:00 UTCUpdated 2026-02-12 17:57 UTC

rss

threat_intelligenceai_securityaptdefense_industryreconnaissancemalware_development

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (4)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (4 domains)

4 top sources shown

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

thehackernews · News · thehackernews.com · 2026-02-12 17:57 UTC

Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says

The Record (Recorded Future News) · News · therecord.media · 2026-02-12 13:59 UTC

Hacktivists, State Actors, Cybercriminals Target Global Defense Industry, Google Warns

SecurityWeek · News · securityweek.com · 2026-02-12 11:12 UTC

Google: China's APT31 used Gemini to plan cyberattacks against US orgs

The Register Security · News · go.theregister.com · 2026-02-12 07:00 UTC

View all evidence

Overview

A set of reports citing Google describe how multiple threat actors are incorporating Google’s Gemini into operational workflows—using it for target reconnaissance, vulnerability research, scripting/malware coding support, and post-compromise enablement—while Google also warns that a broad mix of state actors, cybercriminals, and hacktivists are targeting the global defense industry.

Entities

GoogleGemini

Score total

1.4

Momentum 24h

4

Posts

4

Origins

4

Source types

1

Duplicate ratio

0%

Why now

Google reports current observations of Gemini use by threat actors
Multiple outlets amplified the same set of Google-linked findings in a 24h window
Coverage highlights both AI-enabled tactics and sector targeting (defense)

Why it matters

AI-assisted recon and scripting can speed up multiple phases of cyber operations
Defense industry targeting raises risk to sensitive supply chains and programs
Vulnerability research support may increase attacker throughput

LLM analysis

Topic mix: lowPromo risk: lowSource quality: high

Recurring claims

Google says nation-state actors are using Gemini for reconnaissance and attack support tasks such as scripting/coding and vulnerability research.
Google warns that hacktivists, state actors, and cybercriminals are targeting the global defense industry.

How sources frame it

The Record: neutral
The Hacker News: neutral
The Register: neutral
SecurityWeek: neutral

Cluster merges multiple outlets summarizing Google reporting on threat actors using Gemini for recon, vulnerability research, and attack support.

All evidence

All evidence

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

thehackernews · thehackernews.com · 2026-02-12 17:57 UTC

Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says

The Record (Recorded Future News) · therecord.media · 2026-02-12 13:59 UTC

Hacktivists, State Actors, Cybercriminals Target Global Defense Industry, Google Warns

SecurityWeek · securityweek.com · 2026-02-12 11:12 UTC

Google: China's APT31 used Gemini to plan cyberattacks against US orgs

The Register Security · go.theregister.com · 2026-02-12 07:00 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 4Origin domains: 4Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 4 / 0

Top publishers (this list)

thehackernews (1)
The Record (Recorded Future News) (1)
SecurityWeek (1)
The Register Security (1)

Top origin domains (this list)

thehackernews.com (1)
therecord.media (1)
securityweek.com (1)
go.theregister.com (1)