Google says Iran-backed hackers use its Gemini AI chatbot for research
Google says Iranian state-backed actors are using the tech giant’s Gemini AI chatbot to research defense organizations, foreign governments, dissidents and domestic social issues.
"Iranian government-backed actors accounted for the largest Gemini use linked to advanced persistent threat actors," the company’s Threat Intelligence Group said in a report on Wednesday.
"Across Iranian government-backed actors, we observed a broad scope of research and use cases, including to enable reconnaissance on targets, for research into publicly reported vulnerabilities, to request translation and technical explanations, and to create content for possible use in future campaigns."
State-backed hackers have stepped up strategic intelligence gathering and disruptive cyberattacks, an online security firm reported last year.
Iran views cyberspace as another front in what it describes as a religiously-ordained fight against the United States and Israel.
"Their use reflected strategic Iranian interests including research focused on defense organizations and experts, defense systems, foreign governments, individual dissidents, the Israel-Hamas conflict, and social issues in Iran," Google said.
"Rather than enabling disruptive change, generative AI allows threat actors to move faster and at higher volume," it added.
Google reported that Gemini's safeguards blocked attackers from exploiting it for more advanced attacks like extracting information to influence Google products.
Analysts have long warned that generative AI, which produces text or media content based on what the user types, can be leveraged to support hacking and disinformation campaigns.
Iranian cyberattacks are now a major problem for governments, industry and cybersecurity professionals globally.
Iran-related hacking groups—which are frequently associated with the Islamic Revolutionary Guard Corps (IRGC)—have been routinely engaged in cyber espionage, cyberattacks and disinformation.
The operations commonly aim at infrastructure, financial institutions, political enemies and foreign adversaries.