Cybersecurity of the Grid

Hackers “affiliated” with Iran have been targeting programmable logic controllers, or PLCs, used in critical sectors including power grid operations, the U.S. Cybersecurity and Infrastructure Security Agency warned in an advisory Tuesday.

The advisory went out to the energy sector, along with water and wastewater and government services and facilities sectors, as the U.S.-Israeli war against Iran entered its sixth week.

CISA said the hackers were “conducting exploitation activity” targeting operational technology, including PLCs, leading to “disruptions” of the controllers “across several U.S. critical infrastructure sectors.” 

The North American Electric Reliability Corp. said it is “actively monitoring the grid” and coordinating with the U.S. Department of Energy and the Electricity Subsector Coordinating Council. A ceasefire announced after the advisory went out appeared to be holding early Wednesday, but the outcome of negotiations remains uncertain.

“Iranian-affiliated [advanced persistent threat] targeting campaigns against U.S. organizations have recently escalated, likely in response to hostilities,” CISA said.

Hackers disrupted PLCs through “malicious interactions” with software and configuration settings, and by manipulating data on human machine interface and supervisory control and data acquisition displays, “resulting in operational disruption and financial loss,” the advisory said, without providing details about the target or targets.

The agency, which sits within the Department of Homeland Security and coordinates critical infrastructure security and resilience, said U.S. organizations should “urgently review” tactics hackers may use to compromise the controllers and warningsigns that a system has been compromised.

CISA’s security advisory was jointly issued with other federal entities, including the National Security Agency and DOE. It did not say what sectors had experienced disruptions.

The alert was issued as tensions between Iran and the U.S. escalated ahead of a Tuesday evening deadline set by President Donald Trump, who threatened to bomb Iranian power plants and other civilian infrastructure.

Electric utilities are on high alert, but maintain this is familiar territory, according to the Edison Electric Institute, a trade group representing investor-owned utilities.

"The threat of cyber and physical attacks targeting critical infrastructure is not new,” Jennifer DeCesaro, senior vice president of industry operations at EEI, said in an email to Utility Dive.

The group partners with the government through the Electricity Subsector Coordinating Council “to share actionable intelligence and prepare to respond to incidents that could affect our ability to provide electricity safely and reliably,” she said.

NERC also sent a warning to members of the Electricity Information Sharing and Analysis Center, which primarily includes North American electricity and natural gas industry asset owners and operators.

The alert “amplifies the U.S. government advisory and encourages industry vigilance and the lowering of thresholds for sharing of suspicious cyber or physical security activity,” Kimberly Mielcarek, NERC vice president of corporate and external communications, told Utility Dive.

“Our Watch Operations team is actively monitoring the grid, while we continue to coordinate closely with the Department of Energy, the Electricity Subsector Coordinating Council, and our federal and provincial partners,” she said.

PLCs are “critical for grid automation,” particularly in distribution and generation, Joe Saunders, CEO of RunSafe Security, said in an email. The company provides embedded software security for critical infrastructure.

About 50% to 80% of U.S. grid control endpoints rely on PLCs, he noted.

“They are often used for substation automation, managing distributed energy resources, and balancing plant controls for generation — and as a result, PLCs are essential for maintaining a resilient grid,” Saunders said. “If PLCs were compromised, power generation could shut down and distribution networks could shutdown.” 

CISA’s advisory singled out a brand of PLC manufactured by Rockwell Automation, but said others could be impacted.

A Rockwell spokesperson told Utility Dive that it “takes seriously the security of its products and solutions and has been closely coordinating with government agencies” in connection with the joint cybersecurity advisory. The company has published advisories with “recommendations for how customers can strengthen the security of their operational technology deployments.”

CISA’s advisory “should be a wake-up call for anyone who thinks this threat is contained,” Brad LaPorte, chief marketing officer at endpoint security firm Morphisec, told Utility Dive.

There are somewhere between 600,000 and 2 million PLCs deployed across U.S. critical infrastructure, LaPorte said.

“Many of these systems run on legacy operating systems that were never designed with today’s threat environment in mind,” he said.

The two-week ceasefire in Iran is an opportunity for utilities to scrutinize their systems for vulnerabilities, ReversingLabs Chief Trust Officer Saša Zdjelar told Utility Dive.

“For anyone in critical infrastructure or supporting U.S. government and defense, this is the time to take a hard look at operational resilience and what it actually takes to keep running when you can't fully trust what's already in your environment,” Zdjelar said.

A recent cyberattack on Poland’s energy grid should put all critical infrastructure operators on notice about the risks of insecure edge devices, the Cybersecurity and Infrastructure Security Agency said on Tuesday.

In an alert highlighting Poland’s report on the December incident — which nearly crippled power in part of the country during a very cold period — CISA noted that the hackers initially breached the system “through vulnerable internet-facing edge devices” before deploying wiper malware that damaged operational technology.

“The malicious cyber activity highlights the need for critical infrastructure entities with vulnerable edge devices to act now to strengthen their cybersecurity posture against cyber threat activities targeting OT” and industrial control systems, said CISA, which last week ordered federal agencies to start disconnecting insecure edge devices.

The attack began in late December, when a threat actor logged into internet-exposed FortiGate security devices that lacked multifactor authentication, likely with reused passwords. From there, they accessed a range of OT control devices using accounts with default login credentials. In some cases, those accounts had permission to modify the devices’ firmware, which let the hackers corrupt the devices’ operating code. In other cases, the hackers deleted essential system files or reconfigured firewall rules to allow further sabotage.

The targeted Polish wind and solar farms used OT control devices from multiple companies, including Hitachi, Mikronika and Moxa, but all of the devices used default passwords.

The resulting sabotage “caused loss of view and control between facilities and distribution system operators, destroyed data on human machine interfaces (HMIs), and corrupted system firmware on OT devices,” CISA said. “While the affected renewable energy systems continued production, the system operator could not control or monitor them by their intended design.”

Poland attributed the attack to the Russian government hacker team Berserk Bear, which is housed within Moscow’s Federal Security Service (FSB), while ESET blamed Sandworm, a unit of Russia’s GRU military intelligence agency.

Takeaways for OT asset operators

CISA’s advisory listed several lessons from the incident, including the continuing vulnerability of edge devices, the danger of default passwords and the need to enable firmware verification on OT devices.

“Operators should immediately change default passwords and establish requirements for integrators or OT suppliers to enforce password changes in the future,” the agency warned.

CISA, along with the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), urged critical infrastructure operators to review Poland’s advisory, a recent U.S. fact sheet on OT security and the Energy Department’s own cyber threat advisories.

The British government also used the incident to put the critical infrastructure community on notice.

“Incidents like this speak to the severity of the cyber threat and highlight the necessity of strong cyber defences and resilience,” Jonathon Ellison, a senior official at the U.K.’s National Cyber Security Centre, wrote on LinkedIn on Monday. “Operators of UK critical national infrastructure (CNI) must not only take note but, as we have said before, act now.”

Sponsored content

By 1898 & Co.

As conflict in the Middle East escalates, its effects are increasingly visible in cyberspace, particularly for U.S. electric, water and municipal utilities. Iran’s interest in targeting operational technology (OT) is not new. For more than a decade, the U.S. intelligence community has warned that Iran poses a cyberthreat to critical infrastructure. What has changed is the operational relevance of that threat.

In 2024, Iran-affiliated actors demonstrated they could access and manipulate U.S. control systems across water, wastewater and energy environments. Those incidents were limited in scope, but they offered a preview of what may come next. By 2026, government advisories and technical analyses point to more dangerous and scalable demonstrations of capability. Combined with persistent exposure of internet-facing OT assets, this progression raises the stakes for the safe and reliable delivery of essential services.

It is vital to understand what has changed, why it matters to utility operators and how utilities can take meaningful, practical steps to reduce this risk without disrupting operations.

From Warnings to Real-World Operations

An April 2026 joint cybersecurity advisory led by the Cybersecurity and Infrastructure Security Agency (CISA) warned of ongoing exploitation targeting internet-facing OT devices, including programmable logic controllers (PLCs). The advisory reports disruptions across multiple U.S. critical infrastructure sectors, including government services and facilities (including local municipalities), water and wastewater systems and energy.

According to the authoring agencies, this activity has led to PLC disruptions through malicious interactions with the project file and manipulation of data displayed on human-machine interface (HMI) and supervisory control and data acquisition (SCADA) displays, resulting in operational disruption and financial loss.

The broader pattern is consistent with “living off the land” tradecraft seen in modern OT intrusions, in which adversaries leverage legitimate tooling and direct access paths to create operational effects.

For utility operators, the takeaway is straightforward. When internet-facing OT devices are exposed, cyberactivity can move quickly from access to malicious operational effect.

The Exposure Problem Utilities Can’t Ignore

Independent scanning and exposure analysis in response to the CISA advisory reinforces the exposure problem. Thousands of internet-facing OT devices remain reachable from the internet. Specifically, according to Censys’ exposure analysis, in the United States alone roughly 3,900 Rockwell Automation PLCs appear to be internet-exposed, many of which are connected through cellular networks that support remote field assets.

These setups are common in public power systems, water utilities and midsize municipal organizations, driven by distributed assets, remote locations and limited staffing. When legacy remote access remains exposed to the internet, it creates a direct pathway for adversaries to reach operational systems and disrupt operations on their timeline.

Utilities cannot control geopolitics or adversary intent, but they can control their own exposure. Closing obvious internet-facing OT access paths is one of the fastest ways to buy down high-consequence risk before an attack disrupts essential services.

Capability Plus Exposure Equals Consequence

High-consequence OT risk tends to emerge when two conditions are present at the same time: a capable adversary with OT-specific tradecraft, and environments that were built for availability and safety, not to contend with sustained hostile interaction.

When those conditions align, the impact extends beyond traditional IT-centric outcomes. Loss of operator visibility, unexpected control modifications or forced transitions to manual operations can quickly become reliability and safety issues in systems with little tolerance for uncertainty.

Because OT asset exposure is the factor that utilities can control most directly, reducing internet reachability and tightening OT access paths are among the highest-leverage ways to reduce the attack surface.

Reducing Risk Without Disrupting Operations

Federal guidance points utilities toward the right fundamental actions: Segment networks to reduce or eliminate direct internet reachability of control system components, implement secure remote access where connectivity is required, strengthen authentication and maintain accurate OT asset inventories. The challenge is execution in live environments where uptime, safety and field operations come first, and where utilities may not have the resources or technical know-how for effective implementation of these security controls.

Effective risk reduction starts with alignment with how your plant or systems operate. That means understanding who needs remote access, what devices are exposed, how changes are made and what normal OT traffic looks like. Done well, this becomes a joint effort across engineering, operations and security, with controls designed around operational reality rather than IT assumptions. Logical steps include:

• Putting guardrails around remote access by reducing direct internet reachability and applying strong authentication where connectivity is operationally required.
• Building a reliable OT asset and exposure baseline so teams know what is reachable, what is critical and what to address first.
• Establishing a routine verification process to continuously validate the organization’s public attack surface and confirm that no OT-facing access paths have become internet-reachable.
• Strengthening OT boundaries and monitoring around critical process networks, so abnormal access attempts are detected early and contained before they become operational events.

Nation-state cyber pressure on OT is rising, but utilities do not have to respond with guesswork or disruption. Focused exposure assessments, OT-informed road maps and mitigation support that fits how your systems function are clear operations-first steps to reduce OT exposure.

Contact 1898 & Co. to enhance your industrial cybersecurity and protect critical assets.

In the past year and a half, the business world has repeatedly seen cyber services become sudden showstoppers.

A Crowdstrike update paralyzed air and rail travel around the world. Hospital billing ransomware held U.S. healthcare systems hostage. Even Downdetector.com went down in the face of Cloudflare interruptions.

These critical technology stacks supporting the global economy are invisible to the end customer — until something breaks.

The current business super-cycle centered on energy and data centers offers an all-too-rare opportunity to reduce risks to critical infrastructure. Nearly all the technology stacks that enable — and sometimes suddenly disable — business are built atop data centers and their need for constant, reliable electricity. Decisions made today will affect the reliability of that power and the cost of providing that reliability for decades to come.

Companies and countries are racing to build out data center and energy infrastructure to support AI innovation. This race rightly emphasizes speed and scale, but data center developers and their energy partners would be wise to ramp up cybersecurity efforts to match the pace of development.

Designing cybersecurity controls during a new build process almost always gives better results than retrofits.

Retrofitting existing sites for better cybersecurity remains a long-running headache in the energy sector. These sites often feature decades-old machines built when air gapping made sense, remote logins were science fiction and devices rarely shared data with each other. The technical barriers to securing such sites are so high that many customers cannot make meaningful progress without outside help.

Many companies struggle even to maintain a current and accurate inventory of the devices legitimately allowed to exchange data over their industrial network. Using the same build-first, secure-later approach in our next round of infrastructure development sets up future leaders for another decade of expensive retrofits or unexpected outages.

For energy businesses focused on delivering power to data centers, cybersecurity will make or break the business plan.

U.S. electricity customers experienced an average of 11 hours of power outages in 2024, nearly twice as many as the annual average across the previous decade, according to the Energy Information Administration. For a level 4 data center the availability standard is 99.995%, allowing roughly 8 minutes of outages per year for any reason. Capturing premiums and avoiding penalties built into data center contracts will depend on meeting high reliability standards. Power providers will need confidence that their cybersecurity controls will block all but the most sophisticated attacks.

Cybersecurity providers will need to ensure updates match the pace of attacker innovation — and avoid compatibility issues.

The need for continuous electricity supply already drives design choices for data centers. Many data centers plan to produce power on site, instead of sourcing it from the grid. Others are building battery backups and generators to cover unavoidable outages. Compared to these investments, the cost of strong cybersecurity is trivial.

To be sure, even the strongest cybersecurity measures cannot guarantee a perfect power delivery record.

Malicious use of AI is already reducing the skill level required to launch sophisticated attacks, and attacker innovation will continue into the future. Designing cybersecurity architecture into new infrastructure can mitigate these risks by ensuring the strongest protections surround the most critical systems, planning for future maintenance and updates, and segmenting networks to limit the extent of damage when any given device or user account becomes compromised.

We can and should build the next generation of infrastructure better. But we have to hurry. Data center demand for electricity is growing four times as fast as demand from all other industries. Progress will not wait — cybersecurity must be planned and deployed at the same breakneck pace as new electricity infrastructure.

A Russia-linked hacker group has been targeting critical infrastructure organizations using vulnerabilities in their edge devices since at least 2021, highlighting an alarming shift toward exploiting well-known flaws in common networking equipment, Amazon’s threat intelligence team said Monday.

“The threat actor’s shift [toward edge devices] represents a concerning evolution,” Amazon researchers wrote in a blog post. “While customer misconfiguration targeting has been ongoing since at least 2022, the actor maintained sustained focus on this activity in 2025 while reducing investment in zero-day and N-day exploitation.”

After compromising these devices, the attackers intercepted network traffic containing login credentials and used those credentials to access cloud platforms and further entrench themselves in victim environments, according to the report.

Edge devices, including firewalls and network management interfaces, represent a growing and underappreciated source of risk for organizations. Cisco, Palo Alto Networks, Ivanti and Fortinet have repeatedly disclosed serious vulnerabilities in their edge devices over the past year. Monday’s report from Amazon supplements previous research showing that China and other nation-state hackers favor edge devices as initial access vectors.

By targeting edge devices with known but unpatched flaws instead of trying to find and exploit new vulnerabilities, Amazon said, the Russia-linked hackers significantly reduced their workload and their chances of being discovered while maintaining “the same operational outcomes, credential harvesting, and lateral movement into victim organizations’ online services and infrastructure.”

Amazon researchers linked the hackers to Russia’s military intelligence agency, the GRU, based on infrastructure and targeting that overlapped with Russia’s notorious Sandworm campaign against critical infrastructure in Ukraine and elsewhere. The hackers primarily targeted electric utilities, managed service providers specializing in the energy sector, telecommunications companies, cloud collaboration platforms and source-code databases. Most of the victims were in North America, Europe and the Middle East.

“The targeting demonstrates sustained focus on the energy sector supply chain,” Amazon said, “including both direct operators and third-party service providers with access to critical infrastructure networks.”

Preventive cyber defense measures

To avoid becoming the next victim of this strategy, Amazon said, organizations should immediately inspect all of their edge devices for signs that attackers have compromised them and are using them to intercept network traffic. Businesses should also enforce strong authentication, segment their networks, review suspicious login attempts and reduce devices’ unnecessary internet exposure.

Amazon encouraged organizations in the energy sector to check for login attempts from a provided list of indicators of compromise.

Users of Amazon’s cloud platform can enable certain features to restrict user access, scan for vulnerabilities and log suspicious activity, the company said.

The U.S. government and key Western allies on Wednesday published guidance to help critical infrastructure operators safely use artificial intelligence.

The guidance document describes four key principles for integrating AI into operational technology, detailing the issues that infrastructure operators should consider as they adopt AI. The advice covers general risk awareness, need and risk assessment, AI model governance, and operational fail-safes.

The U.S. Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the National Security Agency produced the guidance in partnership with cybersecurity agencies from Australia, Canada, Germany, the Netherlands, New Zealand and the U.K. CISA lists the energy sector as critical infrastructure. 

The document urges companies to understand AI’s unique risks, educate their employees about using automated systems, develop clear justifications for using AI, establish strong security expectations with their vendors and carefully evaluate the challenges of integrating AI into existing operational technology. In addition, the document says, companies should develop clear AI use and accountability procedures, thoroughly test their AI systems before implementing them and continuously validate the AI’s compliance with regulatory and safety requirements.

Companies also should oversee their AI systems, according to the document, including through human-in-the-loop protocols that ensure an AI model can never take potentially dangerous actions without human oversight. AI systems should have “failsafe mechanisms that enable AI systems to fail gracefully without disrupting critical operations,” the document says, and companies should update their cyber incident response plans to account for their new uses of AI.

In addition, the guidance warns, “critical infrastructure owners and operators should review how they are integrating the AI system into their existing procedures and create new safe use and implementation procedures that focus on the AI system integration into the OT environment.”

Emphasizing caution

Since the beginning of the AI frenzy, the U.S. government has sought to temper critical infrastructure operators’ enthusiasm about the technology with warnings about its risks.

In November 2024, the Department of Homeland Security published a suggested breakdown of the AI-related roles of different entities in the critical infrastructure space, from developers to cloud providers to infrastructure operators themselves. And in July, the White House’s AI Action Plan directed DHS to expand the sharing of AI-related security warnings with infrastructure providers. That plan mostly promoted AI’s benefits, but it also acknowledged that “the use of AI in cyber and critical infrastructure exposes those AI systems to adversarial threats.”

Critical infrastructure systems are already rife with security vulnerabilities, and government officials worry that infrastructure operators may be creating new weaknesses by implementing AI in novel ways without sufficient safeguards. Many infrastructure providers, especially in widely dispersed communities like the water sector, have threadbare security budgets and no dedicated security personnel, making it less likely that anyone in those organizations will push back as executives race to adopt the latest exciting technology.

While there don’t appear to be any specific, imminent cyber or physical threats to the U.S. power grid, China has been seeking vulnerabilities in network systems to be used in future attacks, panelists said during a U.S. House of Representatives hearing Tuesday on threats to the U.S. energy system.

Volt Typhoon — a group believed to be run by the People’s Republic of China’s state security service — is focused on maintaining ongoing access to U.S. network systems for future potential disruptions, according to Michael Ball, CEO of the Electricity Information Sharing and Analysis Center and senior vice president at the North American Electric Reliability Corp.

China is preparing for conflict over Taiwan, potentially in the “very near term,” and its strategy depends on preventing the United States from mounting a successful rescue mission, Harry Krejsa, director of Studies for the Carnegie Mellon Institute for Strategy & Technology, said during the hearing held by the Energy and Commerce Committee’s energy subcommittee.

Part of China’s plan is to target U.S. civilian infrastructure to create panic and chaos, Krejsa said.

“Our aging infrastructure makes these threats easier, including in our energy ecosystem,” he said. “Today's electricity grid is too often a hodgepodge of digital tools sitting atop an analog foundation, creating seams where adversaries can slip in.”

China is the most persistent cyber threat to the U.S., according to Zach Tudor, associate laboratory director for national and homeland security at the Idaho National Laboratory.

“Through Volt Typhoon, Salt Typhoon [and] Flax Typhoon, the Chinese Communist Party has embedded itself in our energy communications and water systems to set conditions for destructive attacks during the Pacific conflict over Taiwan,” he said. “They're winning without fighting, attempting to undermine our infrastructure.”

Although no U.S. blackouts have been attributed to a cyberattack, “the threat landscape is dynamic and requires continuous vigilance,” Ball said.

Panelists called on Congress to expand programs and funding for cyber defense.

Congress should continue to fund information sharing collaboration initiatives, like the Energy Threat Analysis Center, a pilot initiative led by the Department of Energy that brings together power sector and federal officials, according to Sharla Artz, vice president for security and resilience policy at Xcel Energy.

“Expanding programs like [the Cybersecurity Risk Information Sharing Program] enhances industry and government understanding of the threat landscape and thus needs additional government funding to accomplish that expansion,” said Artz, who represented the Edison Electric Institute at the hearing.

Tim Lindahl, president and CEO of Kenergy, a cooperative utility based in Henderson, Kentucky, urged Congress to reauthorize the $250 million Rural and Municipal Utility Cybersecurity Program, which runs through fiscal year 2026.

Lindahl called on DOE to disburse $80 million in RMUC awards that were announced last fall. 

“With continued partnership and targeted federal investment, we can strengthen our defenses and ensure the security of the energy infrastructure that powers our nation,” said Lindahl, who spoke on behalf of the National Rural Electric Cooperative Association.

NERC’s Ball urged Congress to reauthorize the expired Cybersecurity Information Sharing Act of 2015 to support information sharing between the private sector and government.

During the hearing, Rep. Robert Menendez, D-N.J., said the Trump administration was undermining U.S. infrastructure protection efforts by cutting $5.6 billion in funding for state and local grid hardening and resiliency programs.

The administration also fired more than 1,000 cybersecurity and infrastructure agency staff, according to Menendez. It also moved Department of Homeland Security Cybersecurity & Infrastructure Security Agency staff to other agencies, like Immigration and Customs Enforcement, which has “no connectivity to what their work has been,” he said.

“Does that make our country safer and more able to respond to these increasing cybersecurity attacks?” Menendez said.

Cyber threat actors have recently begun using AI to develop malware, in a dramatic evolution of the technology’s role in the hacking ecosystem, Google said last week.

New strains of malware use AI to grow and change in real time during the attack phase, potentially making detection and defense much more difficult, Google’s threat intelligence researchers said in a report.

The recent trend represents the latest phase in an AI arms race between attackers and defenders.

Over the past few years, researchers have consistently found that hackers are using AI more as an enhancer of phishing lures than as a malware-generation assistant. AI malware toolkits exist on the dark web, experts have said, but they do not represent the most widespread or worrisome use of the technology. Google’s new findings, however, suggest that AI’s role in offense may be entering a new phase.

Five newly discovered malware families — FRUITSHELL, PROMPTFLUX, PROMPTSTEAL, PROMPTLOCK and QUIETVAULT — exhibit novel AI-powered capabilities, Google reported, including the ability to hide their code from security software, create attack capabilities on demand and dynamically generate scripts. “While still nascent,” Google said, “this represents a significant step toward more autonomous and adaptive malware.”

PROMPTFLUX uses Google’s Gemini AI to regenerate its own code to better avoid detection, hiding the newly reconstituted file in Windows’s Startup folder. One version of the malware used Gemini to rewrite its entire source code every hour. “This type of obfuscation technique is an early and significant indicator of how malicious operators will likely augment their campaigns with AI moving forward,” Google said. The company did not attribute PROMPTFLUX to a specific threat actor, but it said the names of files used to drop the malware were consistent with the behavior of “financially motivated actors.”

Currently, PROMPTFLUX’s code includes inactive components and a feature to limit its interaction with the Gemini API, suggesting that it remains under development. Google said it had “taken action to disable the assets associated with this activity,” adding that PROMPTFLUX alone could not hack into systems.

PROMPTSTEAL, meanwhile, uses Hugging Face’s platform to query a large language model (LLM) and generate short Windows commands that collect and steal information from target systems. The software masquerades as an image-generation tool that generates and executes reconnaissance commands in the background. By dynamically generating new scripts to perform commands, the malware could help hackers stay active on a target machine without alerting defenders who are looking for specific snippets of code.

Google said it had observed APT28, a Russia-linked group associated with the country’s GRU military intelligence agency, using PROMPTSTEAL in Ukraine. Authorities in that country previously reported on the malware’s appearance. Google said those attacks were the first time it had seen malware querying an LLM in the wild.

“Although some recent implementations of novel AI techniques are experimental,” Google said, “they provide an early indicator of how threats are evolving and how they can potentially integrate AI capabilities into future intrusion activity.”

The newly discovered uses of AI in malware highlight the need for defenders to replace traditional static detection tools with software that can identify a broader range of anomalous activity.

“Attackers are moving beyond ‘vibe coding’ and the baseline observed in 2024 of using AI tools for technical support,” Google researchers wrote. “We are only now starting to see this type of activity, but expect it to increase in the future.”

Threat actors continue to use AI for other purposes too. The Google report described a China-link group using Gemini for “crafting lure content, building technical infrastructure, and developing tooling for data exfiltration.” To work around Gemini’s protections against malicious use, the threat actor posed as a participant in a capture-the-flag exercise and persuaded Gemini to provide “helpful information that could be misused to exploit the [targeted] system.” The China-linked actor then used the CTF ruse in many future Gemini prompts.

Other nation-state groups weren’t as lucky. An Iran-linked hacking group tried to use Gemini to develop custom malware, but in doing so, it revealed information about its operations — including the domain of its command-and-control server — that helped Google disrupt its activities.