APT31 Exploits Google Gemini for Automated Cyberattack Planning Against US Targets

China's state-sponsored hacking group APT31 systematically exploited Google's Gemini AI chatbot to automate vulnerability analysis and generate targeted attack plans against US organizations, according to Google's Threat Intelligence Group (GTIG). In their latest AI Threat Tracker report, Google details how APT31—also tracked as Violet Typhoon and Judgment Panda—used Gemini integrated with the open-source red-teaming framework Hexstrike to analyze exploits including remote code execution (RCE), SQL injection, and web application firewall (WAF) bypass techniques against specific US targets.

Hexstrike, built on the Model Context Protocol (MCP), enables AI models like Gemini to orchestrate over 150 security tools for reconnaissance, vulnerability scanning, and penetration testing. Designed for ethical hackers, Hexstrike was weaponized by APT31 shortly after its August 2025 release. Google confirmed it disabled accounts linked to these operations, which occurred in late 2025. Though unsuccessful, these attacks demonstrate a "highly structured approach" where Gemini was prompted with a cybersecurity expert persona to generate testing plans, blurring lines between legitimate security research and malicious reconnaissance.

John Hultquist, GTIG chief analyst, emphasized the strategic shift: "APT groups continue experimenting with AI to support semi-autonomous offensive operations. China-based actors will keep building agentic approaches for cyber offensive scale." Google identifies two critical threat vectors enabled by AI:

1. Intrusion Automation: Mimicking recent incidents where Chinese operatives used Anthropic's Claude Code AI to automate attack sequences against high-value targets.
2. Exploit Development: Using AI to rapidly analyze vulnerabilities and generate weaponized code, compressing the time between vulnerability disclosure and weaponization.

Attack Component	Manual Execution	AI-Accelerated Execution	Impact
Vulnerability Analysis	Hours to days	Minutes	10-100x speed increase
Exploit Generation	Expert-level human effort	Automated code synthesis	Democratizes advanced attack tools
Target Reconnaissance	Manual data aggregation	Automated OSINT collection	Scales target profiling
Attack Sequencing	Human coordination	AI-generated execution plans	Enables parallel operations

The acceleration of attack cycles exacerbates the "patch gap"—the critical window between vulnerability disclosure and patch deployment. Hultquist notes: "In some organizations, it takes weeks to implement defenses. Adversaries leveraging AI can now move faster than defenders, hitting more targets with minimal human interference." This necessitates defensive AI operating at machine speed to autonomously detect and mitigate threats.

Simultaneously, GTIG observed a surge in "distillation attacks," where threat actors attempt model extraction to steal proprietary AI logic. These IP theft operations target Google's AI products globally, aiming to replicate expensive model capabilities at low cost. Hultquist warns: "Your model is valuable IP. Distilling its logic allows replication, undermining competitive advantage."

For homelab builders and enterprise admins, this demands proactive measures:

• AI-Enhanced Defense: Deploy ML-based intrusion detection systems (IDS) like Suricata with real-time traffic analysis.
• Patch Velocity: Automate patch management using tools like Ansible to reduce deployment windows below 24 hours.
• Tool Hardening: Restrict AI tool access via API rate limiting and behavioral analytics.
• Network Segmentation: Isolate critical infrastructure using VLANs to limit lateral movement.

While fully autonomous attacks remain unrealized, APT31's Gemini exploitation signals a pivot toward AI-driven offensive scalability. Defenders must counter with equal automation—turning AI's dual-use nature into a strategic advantage.