Skip to content

Reality Check: What Google’s Latest Report Tells Us About AI-Enabled Threat Actors

Google's latest threat intelligence report gives us something far more valuable than speculation: hard data on how threat actors are actually using AI.

Louis Blackburn

Swarm Director

  • Resources
  • Opinion
  • Reality Check: What Google’s Latest Report Tells Us About AI-Enabled Threat Actors

The cybersecurity industry has a habit of catastrophizing new technologies. When generative AI burst onto the scene, predictions ranged from the end of password security to an explosion of zero-day vulnerabilities. Google’s latest threat intelligence report gives us something far more valuable than speculation: hard data on how threat actors are actually using AI.

The reality? It’s both less and more concerning than you might think.

Cutting Through the Noise

Google’s January 2025 findings reveal something that experienced security professionals have long suspected: threat actors are using AI much like everyone else—as a research assistant and productivity tool. They’re not breaking AI systems or discovering novel zero-days. Instead, they’re using these tools to work smarter and faster.

Where True Transformation Lies

What’s truly transformative isn’t the creation of new attack vectors—it’s the democratization of existing ones. Here’s what’s actually changing:

  • Threat actors are leveraging AI to enhance OSINT capabilities, making target research more efficient and comprehensive
  • Language barriers are dissolving, with non-native English speakers crafting increasingly convincing phishing campaigns
  • Attackers are using AI to better understand complex systems and applications post-compromise
  • Traditional “red flags” like poor grammar or obvious translation errors are becoming less reliable indicators

Shifting Strategic Ground

This shift demands a fundamental rethinking of security strategies. When threat actors can rapidly understand your organization’s structure, culture, and technical stack, traditional defenses need to evolve. The old advice about spotting phishing through language errors? That’s quickly becoming obsolete.

Success in Prevention

There’s a silver lining here: AI platform providers’ preventative controls are working. Google’s report shows minimal success in attempts to misuse the AI platforms themselves. This validates the importance of implementing strong controls at the source—a lesson that extends beyond AI to all critical systems.

These findings reinforce what we’ve long advocated at CovertSwarm: constant, comprehensive testing that mirrors real adversary behavior is crucial. When threat actors are using AI to work smarter, your security testing needs to be equally sophisticated and persistent.

Bottom Line Impact

The AI revolution in cybersecurity isn’t about dramatic new attack vectors—it’s about the acceleration and refinement of existing threats. This makes the case for continuous security testing even more compelling. When attackers can work faster and smarter, your defense strategy needs to match that pace.

Traditional penetration testing, conducted as an occasional checkbox exercise, simply can’t keep up with this new reality. You need a security partner that’s constantly probing, constantly learning, and constantly adapting—just like your adversaries.

Learn more about CovertSwarm’s constant cyber-attack subscription.