Google Exposes Major Distillation Attacks on Gemini AI Chatbot
Google has disclosed that its advanced artificial intelligence chatbot, Gemini, has been the target of extensive "commercially motivated" hacking campaigns. In a recent report, the technology giant revealed that attackers submitted more than 100,000 queries in an effort to clone the Gemini system through repeated prompts. This activity, described as "model extraction," involves probing the AI to uncover its inner workings, patterns, and logic, potentially to build or enhance competing AI models.
Rising Threat of AI-Enabled Cyber Attacks
In the final quarter of 2025, Google's Threat Intelligence Group (GTIG) observed a significant increase in threat actors leveraging artificial intelligence to accelerate their attack cycles. These actors achieved notable productivity gains in areas such as reconnaissance, social engineering, and malware development. The report serves as an update to findings from November 2025, emphasizing the growing sophistication in the use of AI tools by malicious entities. By identifying early indicators and offensive proofs of concept, GTIG aims to equip defenders with the intelligence needed to anticipate and proactively counter the next wave of AI-enabled threats, thereby strengthening both classifiers and models.
Global Origins and Competitive Motives
Google believes that the culprits behind these attacks are primarily private companies or researchers seeking a competitive advantage in the rapidly evolving AI landscape. A spokesperson informed NBC News that the attacks originated from various locations around the world, though the company declined to provide additional details about specific suspects. This global scope underscores the widespread interest in replicating proprietary AI technologies, which tech firms have invested billions to develop.
Vulnerabilities in Large Language Models
John Hultquist, chief analyst of Google's Threat Intelligence Group, warned that the scope of attacks on Gemini indicates they are likely to become common against smaller companies' custom AI tools as well. "We're going to be the canary in the coal mine for far more incidents," Hultquist stated, though he refrained from naming any suspects. Google considers distillation attacks a form of intellectual property theft, highlighting the inherent vulnerability of large language models. Despite mechanisms to detect and block such attacks, these models remain accessible to anyone on the internet, making them prime targets for extraction efforts.
Historical Context and Industry Implications
This is not an isolated incident in the AI industry. Last year, OpenAI accused its Chinese rival, DeepSeek, of conducting similar distillation attacks to improve its own models. Many of the attacks on Gemini were specifically crafted to tease out the algorithms that enable the chatbot to "reason" or decide how to process information. As more companies develop custom large language models trained on potentially sensitive data, they become increasingly vulnerable to such threats. Hultquist illustrated this risk: "Let's say your LLM has been trained on 100 years of secret thinking of the way you trade. Theoretically, you could distil some of that."
Proactive Measures and Future Outlook
Google's report emphasizes the need for proactive defense strategies in the face of evolving AI security challenges. By sharing these insights, the company aims to foster a more secure environment for AI development and deployment. The increasing integration of AI in cyber attacks necessitates continuous innovation in threat detection and response mechanisms to protect intellectual property and maintain competitive edges in the technology sector.
