Google Warns of AI Model Theft and State-Backed Misuse Risks

Summarized by NextFin AI
  • The Google Threat Intelligence Group (GTIG) reported a significant increase in cyberattacks targeting proprietary AI logic, particularly through model extraction techniques.
  • State-sponsored actors from countries like North Korea, China, Iran, and Russia are actively misusing Google's Gemini platform for cyberattacks, including phishing and malware development.
  • The rise of model extraction poses a threat to the competitive advantage of U.S. AI developers, potentially leading to a shift towards more restrictive API access.
  • The emergence of 'agentic AI' suggests a future where AI systems operate autonomously, redefining the landscape of cyber warfare and necessitating advanced defense strategies.

NextFin News - In a comprehensive security disclosure released on February 12, 2026, the Google Threat Intelligence Group (GTIG) warned of a significant escalation in attempts by both private entities and state-sponsored actors to steal proprietary artificial intelligence logic. The report, titled the AI Threat Tracker, details a surge in "model extraction" or "distillation" attacks, where attackers use legitimate API access to query frontier models repeatedly, effectively training a "student" model to replicate the original's internal reasoning. Beyond intellectual property theft, GTIG identified active misuse of its Gemini platform by advanced persistent threat (APT) groups linked to North Korea, China, Iran, and Russia to automate phishing, conduct technical research, and troubleshoot malicious code.

The findings reveal that the nature of cyber threats is shifting from traditional network intrusions to the exploitation of the AI interface itself. According to GTIG, one specific campaign involved "reasoning trace coercion," where attackers issued over 100,000 prompts designed to force the Gemini model to reveal its internal step-by-step logic rather than providing a standard user-facing summary. While Google confirmed it has successfully mitigated these specific attempts, the report underscores a growing trend where the cost and time required to build competing frontier models are being bypassed through these sophisticated extraction techniques. This poses a direct threat to the competitive advantage of U.S.-based AI developers and the broader national security framework supported by U.S. President Trump's administration.

The analysis of state-backed activity provides a chilling look at the operationalization of generative AI. For instance, a China-based actor tracked as UNC795 was observed using Gemini several days a week to troubleshoot code and conduct research. Another group, the North Korean-linked UNC2970, utilized the model to synthesize open-source intelligence and profile high-value targets within the aerospace and defense sectors. These actors are not just using AI to write better emails; they are integrating it into the full lifecycle of a cyberattack, from initial reconnaissance to the development of memory-resident malware that evades traditional static analysis. The report highlights a framework called HONESTCUE, which used Gemini's API to receive C# source code for second-stage malicious actions, complicating network-based detection.

From a strategic perspective, the rise of model extraction represents a fundamental challenge to the "moat" surrounding major AI providers. If proprietary logic can be distilled through an API for a fraction of the original training cost, the economic value of frontier models could depreciate rapidly. This trend is likely to force a shift in how AI services are delivered, moving away from open-ended API access toward more restrictive, monitor-heavy interfaces. The GTIG report suggests that organizations must now monitor API patterns for signs of distillation, much like they monitor network traffic for signs of exfiltration. This adds a new layer of complexity to the "bold and responsible" AI development path advocated by industry leaders.
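A minimal form of the API-pattern monitoring the report calls for, as an added example (not code from GTIG, Google or NextFin): it aggregates a constructed access log per API key and flags keys that combine a request burst with a high share of prompts demanding the model's internal reasoning, the "reasoning trace coercion" pattern described above. The log format, field names and thresholds are assumptions.

```python
# Added example, not code from GTIG or NextFin: flag API keys whose request burst
# and share of reasoning-trace-demanding prompts both exceed thresholds.
# Log format and thresholds are assumptions; the sample log is constructed.
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Prompt phrasings that ask for the model's internal step-by-step logic.
REASONING_RE = re.compile(r"step[- ]by[- ]step|chain[- ]of[- ]thought|show (?:your|the) (?:full |internal )?reasoning", re.I)
# Constructed JSON-lines access log: key-A bursts coercive prompts, key-B is ordinary.
SAMPLE_LOG = """\
{"ts": "2026-02-10T09:00:00Z", "key": "key-A", "prompt": "Show your full reasoning, then classify: invoice overdue"}
{"ts": "2026-02-10T09:01:00Z", "key": "key-A", "prompt": "Think step by step and explain every inference"}
{"ts": "2026-02-10T09:02:00Z", "key": "key-A", "prompt": "Show your internal reasoning before the answer"}
{"ts": "2026-02-10T09:03:00Z", "key": "key-A", "prompt": "Chain of thought required: summarise this contract"}
{"ts": "2026-02-10T09:04:00Z", "key": "key-A", "prompt": "Step-by-step, how did you reach that label?"}
{"ts": "2026-02-10T09:00:30Z", "key": "key-B", "prompt": "Translate 'good morning' to Spanish"}
{"ts": "2026-02-10T15:10:00Z", "key": "key-B", "prompt": "Think step by step: is 91 prime?"}
"""

def parse_log(text):
    """Parse JSON lines; convert the ISO-8601 'ts' field to an aware datetime."""
    events = []
    for line in text.splitlines():
        if line.strip():
            e = json.loads(line)
            e["ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
            events.append(e)
    return events

def score_keys(events, window=timedelta(hours=1), max_per_window=4, max_ratio=0.5):
    """Per key: peak requests in any sliding window, reasoning-prompt ratio, flag.
    Thresholds are scaled down for the sample; production values are far higher."""
    by_key = defaultdict(list)
    for e in events:
        by_key[e["key"]].append(e)
    report = {}
    for key, evs in by_key.items():
        evs.sort(key=lambda e: e["ts"])
        peak = start = 0
        for end in range(len(evs)):  # two-pointer sliding window over sorted events
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            peak = max(peak, end - start + 1)
        ratio = sum(bool(REASONING_RE.search(e["prompt"])) for e in evs) / len(evs)
        report[key] = {"requests": len(evs), "peak_per_window": peak, "reasoning_ratio": round(ratio, 2),
                       "flagged": peak > max_per_window and ratio > max_ratio}
    return report
```

A flag here is a triage signal for rate-limiting or review, not proof of extraction; legitimate users also ask for step-by-step answers, which is why volume and prompt content are combined.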

Furthermore, the geopolitical implications are profound. As U.S. President Trump continues to emphasize American dominance in the AI sector, the aggressive pursuit of these technologies by adversaries suggests a digital arms race that has moved beyond software to the underlying cognitive logic of machines. The use of AI to generate "rapport-building phishing"—where attackers engage in multi-turn conversations to build trust—indicates that the human element of security is more vulnerable than ever. As language quality ceases to be a reliable indicator of a message's authenticity, the burden of defense will shift increasingly toward automated, AI-driven security systems capable of detecting behavioral anomalies in real-time.

Looking ahead, the emergence of "agentic AI"—systems designed to act with higher degrees of autonomy—is expected to be the next frontier for both attackers and defenders. While GTIG has not yet seen evidence of autonomous agents being used effectively in the wild, the interest from state-sponsored groups is palpable. The transition from AI as a tool to AI as an autonomous actor will likely redefine the speed of cyber warfare, necessitating a move toward "active defense" strategies where AI models are used to hunt and neutralize threats before they can execute. For the financial and tech sectors, the message is clear: the security of the model is now as critical as the security of the data it processes.
