Google Detects Large-Scale Model Extraction Attempt
Google has revealed that it thwarted a massive attempt to extract and potentially clone its proprietary Gemini AI model. According to a recent quarterly threat report from the Google Threat Intelligence Group, the company intercepted and blocked more than 100,000 prompts believed to be part of a coordinated attempt to replicate the AI’s reasoning capabilities.
The prompts were designed to mimic the core traits of Gemini’s reasoning engine through a process known as model extraction or distillation. This method involves training a smaller model to emulate the functions of a more advanced one, thereby significantly reducing development time and cost. Google’s systems detected the suspicious activity in real time and implemented immediate countermeasures to protect the AI’s internal reasoning traces.
“Model extraction and subsequent knowledge distillation enable an attacker to accelerate AI model development quickly and at a significantly lower cost,” the report stated. “This activity effectively represents a form of intellectual property theft.”
Prompts Targeted Multilingual Reasoning Capabilities
The attempted attack involved instructing Gemini to maintain consistency between user input languages and its internal reasoning. This approach was likely designed to reverse-engineer the model’s ability to reason across different languages. Google noted that the wide variety of multilingual questions indicated a strategy to replicate Gemini’s cross-linguistic reasoning abilities.
Google also reported frequent model extraction attempts by private sector entities and academic researchers, often disguising their intent as legitimate model comparison or evaluation efforts. While some of these activities may be well-intentioned, they still pose legal and ethical challenges if they violate terms of service or result in unauthorized use of proprietary data.
Other AI Developers Also Face Cloning Threats
Google isn’t alone in facing model extraction threats. OpenAI recently alerted U.S. lawmakers that Chinese AI company DeepSeek used sophisticated, obfuscated techniques to scrape results from major American AI models. OpenAI accused DeepSeek of attempting to “free-ride on the capabilities developed by OpenAI and other U.S. frontier labs.”
Ross Filipek, Chief Information Security Officer at Corsica Technologies, highlighted a shift in cybersecurity threats. “Model extraction doesn’t breach systems in the traditional sense,” he said. “Instead, it focuses on transferring the intellectual knowledge embedded within an AI model to help attackers accelerate their own development.”
Filipek emphasized that organizations offering AI as a service should implement tight governance and monitor API usage for unusual patterns that might indicate systematic extraction attempts. He recommended deploying response filtering and output controls to protect model behavior during potential breaches.
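One way to act on the monitoring advice above, as an added example that is not from Google's report or the sources quoted here: a Python heuristic that flags API keys combining request volume, a broad spread of input languages and one repeated prompt scaffold, the pattern the report describes. The record layout, the upstream language tag, the thresholds and the sample records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

def template_of(prompt, words=6):
    """Crude scaffold fingerprint: the first few lowercased words of a prompt."""
    return " ".join(prompt.lower().split()[:words])

def extraction_suspects(records, min_requests=6, min_languages=4,
                        min_template_share=0.8):
    """Flag API keys whose traffic is high-volume, spans many input languages
    and reuses one prompt scaffold. Thresholds are illustrative assumptions."""
    per_key = defaultdict(list)
    for key, lang, prompt in records:
        per_key[key].append((lang, prompt))
    suspects = {}
    for key, rows in per_key.items():
        n = len(rows)
        languages = {lang for lang, _ in rows}
        counts = Counter(template_of(p) for _, p in rows)
        top_template, top_count = counts.most_common(1)[0]
        share = top_count / n
        if (n >= min_requests and len(languages) >= min_languages
                and share >= min_template_share):
            suspects[key] = {"requests": n, "languages": len(languages),
                             "template_share": round(share, 2),
                             "template": top_template}
    return suspects

# Constructed sample: (api_key, language tag from an assumed upstream
# language-identification step, prompt text). Not real traffic.
SCAFFOLD = "Think step by step in the same language as the question: "
SAMPLE = (
    [("key-A", lang, SCAFFOLD + q) for lang, q in [
        ("en", "Why is the sky blue?"), ("de", "Warum ist der Himmel blau?"),
        ("fr", "Pourquoi le ciel est-il bleu ?"), ("es", "¿Por qué el cielo es azul?"),
        ("it", "Perché il cielo è blu?"), ("pt", "Por que o céu é azul?"),
        ("nl", "Waarom is de lucht blauw?")]]
    + [("key-B", "en", p) for p in [
        "Summarise this meeting transcript.", "Draft a reply to the vendor.",
        "Fix the off-by-one error in this loop.", "Translate this sentence into French.",
        "Suggest a title for my blog post.", "Explain what a B-tree is."]]
    + [("key-C", lang, "Translate to English: " + q) for lang, q in [
        ("de", "Guten Morgen"), ("fr", "Bonjour"), ("es", "Buenos días")]]
)

if __name__ == "__main__":
    for key, stats in extraction_suspects(SAMPLE).items():
        print(key, stats)
```

A flag from a heuristic like this is a lead for review rather than a verdict, since the article notes that evaluation and comparison work can produce similar traffic.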
Nation-State Actors Exploit Gemini for Cyber Operations
Google’s report also detailed how nation-state-backed cybercriminals have begun leveraging Gemini to enhance their operations. Threat actors from China, Iran, North Korea, and Russia were noted to have integrated Gemini into cyber-espionage campaigns in late 2025.
Iranian group APT42, for instance, used Gemini to craft convincing social engineering messages. By feeding the model biographical details of targets, they generated highly personalized content aimed at building trust. The group also utilized the AI for language translation and to understand cultural nuances.
Chinese groups APT31 and UNC795 reportedly employed Gemini for automating vulnerability analysis and debugging malicious code. North Korean hackers from UNC2970 mined Gemini for intelligence on defense contractors, enabling more precise phishing campaigns by understanding organizational structures and roles.
Google responded by disabling accounts and assets linked to these threat groups. Additionally, its DeepMind division used the intelligence to reinforce defenses against future misuse of AI tools.
Gemini Embedded in Malware and Underground Tools
Beyond espionage, Gemini is being misused in direct cyberattacks. Google discovered a new malware strain, named HONESTCUE, that integrates Gemini’s API directly into its command structure. The malware sends prompts that appear harmless when viewed individually, allowing it to bypass standard safety filters.
Pete Luban, Field CISO at AttackIQ, warned that “Integrating public AI models like Gemini into malware provides threat actors with powerful capabilities without requiring them to develop models from scratch.” He noted that this has led to significant improvements in malware sophistication, enabling faster movement within networks, more discreet attacks, and better mimicry of legitimate business operations.
Google also uncovered COINBAIT, a phishing kit built entirely using AI-generated code, and Xanthorox, an underground service masquerading as a custom malware generator. In reality, Xanthorox was a front for repackaging commercial AI tools, including Gemini. Both services were dismantled by Google.
Luban stressed the importance of adapting cybersecurity strategies to meet the evolving threat landscape. “Traditional defenses alone are no longer effective. Continuous testing and simulation of real-world threats are essential to ensure preparedness,” he said.
