In brief
- Google identified five malware families that query LLMs to generate or hide malicious code.
- A DPRK-linked group called UNC1069 used Gemini to probe wallet data and craft phishing scripts.
- Google says it has disabled the accounts and tightened safeguards around model access.
Google has warned that several new malware families now use large language models during execution to modify or generate code, marking a new phase in how state-linked and criminal actors are deploying artificial intelligence in live operations.
In a report released this week, the Google Threat Intelligence Group said it has tracked at least five distinct strains of AI-enabled malware, some of which have already been used in ongoing and active attacks.
The…
Jan 12 2026
