What are model extraction attacks in AI?

Short answer: Hackers query an AI model via API, steal its reasoning patterns, train a copy. No break-ins needed.

How are threat actors like DPRK using LLMs?

For recon, targeting, phishing lures. Speeds up ops without new breakthroughs.

Is Google's Gemini safe from these AI threats?

GTIG disrupted attacks; safeguards improving. But distillation attempts rose—no guarantees.

Google GTIG's Latest: AI Distillation Attacks Spike as Hackers Clone Models and Build Smarter Malware

Threat actors aren't just using AI; they're stealing it. Google's GTIG details a wave of distillation attacks and new AI-malware hybrids that could reshape cyber ops.

theAIcatchup Apr 08, 2026 4 min read

Infographic of rising AI model distillation attacks tracked by Google GTIG in 2025

⚡ Key Takeaways

Model distillation attacks surged in 2025, mainly from private entities—not APTs yet. 𝕏
DPRK, Iran, PRC, Russia use LLMs for faster recon and phishing; new malware like HONESTCUE integrates APIs. 𝕏
Google disrupts via bans and hardening, but underground jailbreak services signal growing ecosystem. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#AI distillation attacks #AI malware #GTIG threat tracker #model extraction

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Mandiant Blog

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

PRT-Scan: AI Turns GitHub Misconfigs into Easy Supply Chain Prey

AI Malware: All Sizzle, No Real Steak Yet

$21 Billion Vanishes: FBI's Grim Cybercrime Tally for 2025

Infostealers Eclipse Banking Trojans: Financial Cyberthreats Reshape in 2025

Stay in the loop