The AI arms race: How cybercriminals are weaponizing generative AI (and what we can do about it)

?By Steven Myers

Just like The Force, AI can be used for good — or the Dark Side.

In the escalating battle between cybersecurity teams and cybercriminals, AI has become both an asset and a weapon. Facing increased attacks, healthcare organizations are scrambling to fortify their defenses using AI, but adversaries are evolving just as quickly. The latest report from Google’s Threat Intelligence Group (GTIG) sheds light on how bad actors — especially groups backed by nation-states — are leveraging generative AI (GenAI) to enhance their cyber operations.

How cybercriminals are using GenAI

GTIG’s research highlights that more than 50 nation-states are already integrating GenAI into their offensive tactics. While they haven't yet developed novel AI-driven attack techniques, they are using tools like Google’s Gemini for:

• Cyber espionage & reconnaissance – Researching vulnerabilities, mapping target infrastructure, and finding free hosting providers for malicious campaigns.
• Social engineering & influence operations – Creating convincing personas, crafting targeted disinformation campaigns, and automating social media manipulation.
• Malicious scripting & evasion – Aiding in payload development and refining evasion techniques.

The usual suspects — China, Russia, North Korea, and Iran (the most active) — are leading the charge, using AI-powered tools to refine their disinformation strategies and expand their global influence.

The good news: AI defenses are holding ... for Now

The report also provides a crucial reality check: AI is not (yet) a game-changer for cybercriminals. While GenAI is helping bad actors streamline attacks, Google’s safety mechanisms, including robust filtering and security controls, have largely prevented direct abuse. Attempts to jailbreak AI models like Gemini were unsuccessful, showing that responsible AI design can mitigate emerging threats.

But as GTIG warns, the AI landscape is evolving rapidly. New models and agentic systems emerge daily, and it’s only a matter of time before threat actors find new ways to exploit them.

Where do we go from here?

GTIG emphasizes the urgent need for security standards in AI development and deployment. Their Secure AI Framework (SAIF) proposes a proactive approach, drawing from proven cybersecurity best practices to:

• Harden AI models against adversarial use through red teaming and rigorous testing.
• Enhance AI transparency so organizations can detect and respond to misuse.
• Strengthen public-private collaboration to institutionalize AI threat intelligence sharing.

Similarly, the Healthcare Sector Coordinating Council (HSCC) released its Health Industry Cybersecurity Strategic Plan 2024-2029 (HIC-SP) last year, a call to action for healthcare organizations to implement foundational cybersecurity programs. This industry-specific plan aligns with GTIG’s recommendations by addressing operational, technological, and governance challenges posed by emerging threats over the next five years.

As healthcare remains a prime target for cyber threats, aligning with such strategic frameworks is crucial for resilience and security.

“The defenders are still ahead — for now," noted?Kent Walker, Google’s President of Global Affairs.?"To keep it that way, particularly as powerful new models ... begin to gain traction, American industry and government need to work together to support our national and economic security.”

The bottom line

AI is redefining the cybersecurity battlefield. While attackers are using GenAI to enhance their operations, defenders still hold the advantage, but it won’t last without additional action. The time to build resilient, secure AI infrastructure is now.

What’s your take? How should security teams prepare for AI-powered cyber threats?

Drop your thoughts in the comments, and check out the full five-article report from GTIG and the HSCC Cybersecurity Strategic Plan.

?