TL;DR: Google Threat Intelligence Group says it has documented the first known uses of Gemini in live malware attacks, alongside multiple AI-enabled malware families that can generate scripts, alter obfuscation, and support phishing, reconnaissance, and ransomware workflows during an attack, according to Swarmnetics. Static, rules-based defence is now competing with adversarial tooling that can adapt mid-execution.
NHIMG editorial — based on content published by Swarmnetics: AI Cyber Threats Enter New Phase as Google Team Discovers Just in Time LLM-Powered Malware
Questions worth separating out
Q: How should security teams defend against LLM-powered malware that adapts during an attack?
A: Security teams should assume the attack path can change in real time and build controls around behaviour, containment, and identity restriction.
Q: Why do exposed credentials matter more when attackers use AI-assisted malware?
A: Exposed credentials give adaptive malware a foothold it can use to generate scripts, explore systems, and change tactics faster than manual attackers.
Q: What do security teams get wrong about AI-driven ransomware?
A: They often focus on whether the malware is novel instead of whether the operator behaviour is familiar.
Practitioner guidance
- Tighten runtime controls around AI-accessible tooling Block or constrain outbound model calls, command execution, and script generation paths where malware could reach them, then monitor for unusual prompt-to-action chains in production environments.
- Reduce the value of stolen identity material Prioritise least privilege, short-lived access, and aggressive revocation for service accounts, API keys, and session tokens so an AI-assisted attacker has less room to pivot after initial compromise.
- Shift detections toward behaviour, not signatures Tune SOC use cases for rapid obfuscation changes, unusual code generation, and abnormal repository or environment enumeration rather than relying on fixed malware indicators.
What's in the full analysis
Swarmnetics's full analysis covers the operational detail this post intentionally leaves for the source:
- How Google Threat Intelligence Group characterises the first known Gemini-involved malware activity and the specific limitations observed in early deployments.
- The report's breakdown of AI-enabled malware families, including where they support phishing, reconnaissance, obfuscation, and ransomware workflows.
- The examples of jailbreak and abuse prompting that showed how threat actors got model assistance past safety boundaries.
- The vendor's discussion of how defenders can adapt monitoring and response to the emerging AI attack cycle.
👉 Read Swarmnetics's analysis of LLM-powered malware and AI-enabled attack adaptation →
LLM-powered malware and adaptive attacks: what do teams need now?
Explore further
Adaptive malware creates a control problem, not just a detection problem. The central change is that offensive tooling can now modify its own behaviour during execution, which weakens any defence strategy that depends on a stable attack pattern. That shifts emphasis toward runtime policy, behavioural detection, and identity containment rather than static malware signatures alone. Practitioners should assume attackers will probe controls in real time and should design for interruption, not certainty.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Who is accountable when AI tools are abused to support malware operations?
A: Accountability sits across AI governance, security operations, and identity ownership. Teams that approve models, expose them to users, or connect them to tools need documented controls for abuse detection, access restriction, and incident response. Where AI assistants are integrated into workflows, governance must cover both the model and the permissions around it.
👉 Read our full editorial: LLM-powered malware is shifting attacks from static to adaptive