News · Google's GTIG report separates APT misuse of AI from private-sector model extraction

Feb, 124 min to read
AI Products

Google's GTIG report separates APT misuse of AI from private-sector model extraction

A short update from Google names two distinct threats — actors using AI for attacks, and companies stealing models — and reports different responses to each.

Two threat categories, deliberately kept apart

The post does something most AI-security updates blur over: it draws a line between actors using AI to run attacks and actors attacking the AI itself. On the first, GTIG says it has observed threat actors using AI to gather information, create what it calls 'super-realistic' phishing scams, and develop malware.

On the second, the language is more precise. Google states it has not observed direct attacks on frontier models or generative AI products from advanced persistent threat (APT) actors. That is a specific, dated claim — a negative finding — and it matters because it tells you where the pressure is not coming from, at least in the window GTIG covered.

Model extraction is the threat Google chose to name

The concrete claim in the post is about model extraction attacks, which Google characterizes as a form of corporate espionage. It says it has 'seen and mitigated frequent' such attempts, and attributes them not to state-backed groups but to private sector entities all over the world.

we have seen and mitigated frequent model extraction attacks (a type of corporate espionage) from private sector entities all over the world — a threat other businesses' with AI models will likely face in the near futureMontana Labs

That framing is worth sitting with. The party trying to copy the model is, in Google's telling, often another company rather than a hostile government. And Google explicitly forecasts that any business operating its own models should expect the same pressure.

The responses are model-specific and account-specific

Google describes two kinds of action. First, disabling associated accounts to disrupt malicious activity — an operational lever tied to platform access. Second, strengthening both its security controls and its Gemini models against misuse, which points at changes to the models themselves, not just the fence around them.

The post gives no figures for how many accounts were disabled, how frequent 'frequent' is, or what the model hardening consisted of. Those details, if they exist, are deferred to the full report on the Google Cloud Threat Intelligence blog. This blog entry is a summary and a pointer.

What a self-hosted-model team should take from this

The implication for any organization that trains or serves its own models is the extraction warning. Google is telling operators that the weights and behavior of a deployed model are themselves a target for theft, independent of whether anyone is trying to jailbreak or poison it, and that the attackers may be commercial competitors.

Practically, that separates two defensive jobs many teams treat as one: guarding against abuse of the model's outputs, and guarding against reconstruction of the model itself through querying. Google says it mitigated the latter. The post does not say how, so the actionable takeaway is narrower than the headline — read the linked report before assuming the mitigations transfer to a smaller deployment.

Find this story relevant to you?

Contact us to find a unique solution

Contact us

Need an AI engineering partner that can actually build?

We help businesses integrate AI, build AI-powered products, automate high-value workflows, and modernize the software systems behind them.

Get in touch

Related reading

More analysis around product delivery, operational AI, and the systems work that makes deployment hold up in reality.

Jul, 144 min to read
AI Products

How Google DeepMind rebuilt Pelé's unfilmed 1959 goal from archives and stunt footage

Jul, 134 min to read
AI Products

Expedia's image-selection automation is the concrete piece behind its AI marketing story

Jul, 134 min to read
AI Products

ENEOS Materials built over 1,000 custom GPTs and put ChatGPT Enterprise in front of every employee