State-backed hackers use Gemini AI at every attack stage — your defences need fixing now

State-backed hackers using Google’s Gemini AI at every stage — your risk register just got a promotion

Quick facts, straight up

Google has reported that state-sponsored hacking groups, including actors tied to China, Iran, North Korea and Russia, are using the Gemini AI system to assist in cyber operations. While details vary by campaign, Google says Gemini has been used for reconnaissance and to support attack activities across nearly every stage of an operation, including target profiling, phishing kit creation, malware tinkering and model extraction attempts.

Since Google announced its findings, security teams need to treat this as a shift in adversary tooling, not just another headline. The capability to accelerate recon and refine malicious artefacts matters to every organisation that holds data, runs services, or relies on suppliers.

Why this matters to boards, IT and anyone who pays the bills

Although the report names nation-state groups rather than a single victim, the business consequences are clear. Faster, AI-assisted reconnaissance means attackers can find weak doors quicker. Faster attacks mean less time to detect and contain them. Faster refinement of phishing and malware means higher success rates. That equals bigger chances of data loss, operational disruption, regulatory scrutiny and nasty legal bills.

Given regulators and customers increasingly expect demonstrable cyber hygiene, being slow to respond is no longer a reputational risk only, it can affect contracts and insurance. Boards do not like surprises. Ransom demands and days of downtime are bad for margins and worse for trust. So no, this is not an academic problem for your security folks to solve quietly over lunch.

What could go wrong if you ignore this

While you nibble around the edges, adversaries could quietly automate tailored phishing campaigns that mimic internal styles, or use model extraction to infer sensitive training data. They might craft malware that avoids detection by iterating quickly. They could compromise suppliers after a brief reconnaissance sweep and pivot into your network before anyone spots the odd login.

Small failures scale. Unpatched services, weak API keys, permissive access and poor supplier checks become a map for an AI-assisted attacker, and recovery costs climb fast. Backups that haven’t been tested are like a parachute you have never bothered to open. Don’t be the business that finds out the hard way.

How recognised standards could have reduced the risk

Since the issue is about faster, smarter adversaries, stronger fundamentals matter more than ever. An ISO 27001 information security management system forces you to identify the most valuable assets, assess threats and apply proportionate controls such as tighter access management, logging and supplier assurance. While no standard guarantees total prevention, ISO 27001 changes the odds in your favour by turning security into measured, repeatable practice rather than a series of heroic one-off fixes.

Although avoiding downtime outright is unrealistic, an ISO 22301 business continuity plan helps ensure you can keep serving customers and paying staff while you sort the technical mess. And for baseline technical hygiene, simple certifications such as Cyber Essentials and IASME reduce obvious attack surfaces that AI-assisted adversaries will exploit first.

Practical steps you can take today

Following a sensible, layered approach matters now more than ever. Below are clear actions to start within a week, not a fiscal quarter.

• Harden identity and access — enforce multi-factor authentication everywhere, remove excessive admin rights and rotate API keys. If an attacker can call your systems with credentials, they will.
• Hunt and log — make sure logging is on, collected centrally and monitored. AI speeds attacks, so you need faster detection.
• Review supplier access — check who has API or network access to your systems, document it, and apply least privilege. Use contractual controls and ask for evidence, just like you would request insurance papers.
• Test incident response and recovery — run tabletop exercises and full restores from backups under a BCMS approach so you know what works and what does not.
• Train people where it counts — phishing and social engineering remain primary vectors, so give staff realistic, recurring awareness training such as usecure, and measure the results.
• Control your AI exposure — inventory who is using hosted models and why, secure API keys, apply rate limits, monitor unusual prompt volumes and ensure sensitive data is not being fed into external models without controls.

Linking this to ISO 27001 controls

Although ISO 27001 is not prescriptive about tools, it is explicit on process. Implementing risk assessment, asset classification, access control, supplier management and incident response processes will reduce both the likelihood and impact of AI-assisted attacks. If you want external help, Synergos can guide you through setting up an ISO 27001 ISMS, integrating continuity with ISO 22301, and improving baseline controls with Cyber Essentials.

Actions for leaders this week

While teams argue over tooling, the board should get two quick updates: a short risk summary showing exposure to AI-assisted threats, and an incident readiness status, covering detection capability, recovery times and supplier risks. Ask for measurable remediation deadlines, not vague promises.

Since attackers are using AI to speed up their work, you need to speed up yours. Prioritise simple wins, then address the harder items with a clear plan that maps to ISO 27001 controls.

Remember, this is not about chasing the latest gadget. It’s about knowing where your crown jewels are, who can reach them, and how quickly you can close the door if someone starts picking the lock.

Be pragmatic. Start with access, logging and tested recovery. Then layer in supplier checks, staff training and explicit controls around model usage. If you want help mapping those steps into a certification-ready programme, see Synergos support packages and the Synergos Training Academy.

Make this the week you stop treating AI-assisted attackers as a future problem. Your security will thank you, and so will your customers.