IT, Telecom & Cyber · International (Houston)

Google says hackers are abusing Gemini AI for all attacks reshape IT, Telecom & Cyber sourcing priorities

Published Feb 12, 2026, 6:19 AM CSTINTERNATIONALLight-signal edition
Ask AI
Google says hackers are abusing Gemini AI for all attacks stages

Coverage note

No material category-specific items detected today; relevant oil & gas context that could affect this category is: Google says hackers are abusing Gemini AI for all attacks stages (BleepingComputer). Procurement implication: keep supplier-risk monitoring active, maintain contract flexibility, and use index-linked guardrails until category-specific volume improves.

In 60 seconds

Top move

Email Microsoft to reconfirm license renewals, keep quote validity short around Google says hackers are abusing Gemini, and push for breach response slas instead of open-ended surcharge language

Key takeaways

  • Email Microsoft to reconfirm license renewals, keep quote validity short around Google says hackers are abusing Gemini, and push for breach response slas instead of open-ended surcharge language.[1]

What changed since last run

  • Lead coverage has rotated toward "Google says hackers are abusing Gemini AI for all attacks stages", shifting the brief toward more immediate execution implications.

Key facts

  • HEX), Iran (APT42), North Korea (UNC2970), and Russia used Gemini for target profiling and op
  • AI-enhanced malicious activity The Google Threat Intelligence Group (GTIG) notes in a report
  • The Iranian adversary APT42 leveraged Google's LLM for social engineering campaigns, as a dev
  • GTIG notes that no major breakthroughs have occurred in that respect, though the tech giant e

Why it matters

The lead signals for IT, Telecom & Cyber are no longer just descriptive; they point to immediate sourcing implications around cost pressure. Lead move: HEX), Iran (APT42), North Korea (UNC2970), and Russia used Gemini for target profiling and open-source intelligence, generating phishing lures, translating text, coding, vulnerability testing, and troubleshooting. That shifts IT, Telecom & Cyber focus toward cost pressure and changes the ask to Microsoft. The practical read-through is that buyers should tighten supplier challenge, pricing discipline, and contract optionality before the next decision gate

Cost / money

  • Lead move: HEX), Iran (APT42), North Korea (UNC2970), and Russia used Gemini for target profiling and open-source intelligence, generating phishing lures, translating text, coding, vulnerability testing, and troubleshooting. That shifts IT, Telecom & Cyber focus toward cost pressure and changes the ask to Microsoft.[1]
  • The cost angle is directional, not quantified: moving work offsite can cut travel, rotation, and accommodation exposure, but only if the remote setup stays reliable.[1]

Supplier / commercial

  • This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, breach response slas, and negotiation guardrails with 2025, 100,000, 99 as the clearest commercial anchors; expect renewal uplift asks.[1]
  • Use Breach response SLAs. Limit upside cost exposure while preserving awardability for time-sensitive work and keeping the supplier commercially engaged.[1]
  • Expect scope to move toward software support, communications uptime, cyber obligations, and clearer downtime liability instead of only offshore headcount or hardware supply.[1]

Safety / operations

  • Fewer people offshore can reduce exposure and emergency-response load, but the operating model becomes more dependent on connectivity resilience, remote support readiness, and cyber hygiene.[1]

What to watch

  • Watch whether Microsoft starts using Google says hackers are abusing Gemini as a repricing reference in quotes, escalator asks, or budget resets.[1]
  • Google says hackers are abusing Gemini creates cost pressure. Trigger: HEX), Iran (APT42), North Korea (UNC2970), and Russia used Gemini for target profiling and open-source intelligence, generating phishing lures, translating text, coding, vulnerability testing, and troubleshooting.[1]
  • Watch bandwidth resilience, latency tolerance, cyber obligations, and who carries downtime cost if the remote link drops.[1]

Top stories

Story 1BleepingComputerFeb 12, 2026

Google says hackers are abusing Gemini AI for all attacks stages

Signal strongSource-grounded
Source notes [1]Read source

What happened

HEX), Iran (APT42), North Korea (UNC2970), and Russia used Gemini for target profiling and open-source intelligence, generating phishing lures, translating text, coding, vulnerability testing, and troubleshooting. AI-enhanced malicious activity The Google Threat Intelligence Group (GTIG) notes in a report today that APT adversaries use Gemini to support their campaigns "from reconnaissance and phishing lure creation to command and control (C2) development and data exfiltration. This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, breach response slas, and negotiation guardrails with 2025, 100,000, 99 as the clearest commercial anchors; expect renewal uplift asks

Buyer takeaway

For IT, Telecom & Cyber, this is a staffing-shape signal: remote operating models can shift work offsite and change which suppliers, systems, and service levels matter most

Cost / money

The cost angle is directional, not quantified: moving work offsite can cut travel, rotation, and accommodation exposure, but only if the remote setup stays reliable

Supplier / commercial

Expect scope to move toward software support, communications uptime, cyber obligations, and clearer downtime liability instead of only offshore headcount or hardware supply

Safety / operations

Fewer people offshore can reduce exposure and emergency-response load, but the operating model becomes more dependent on connectivity resilience, remote support readiness, and cyber hygiene

What to watch

Watch bandwidth resilience, latency tolerance, cyber obligations, and who carries downtime cost if the remote link drops

Key facts

  • HEX), Iran (APT42), North Korea (UNC2970), and Russia used Gemini for target profiling and op
  • AI-enhanced malicious activity The Google Threat Intelligence Group (GTIG) notes in a report
  • The Iranian adversary APT42 leveraged Google's LLM for social engineering campaigns, as a dev
  • GTIG notes that no major breakthroughs have occurred in that respect, though the tech giant e

Source excerpts

State-backed hackers are using Google's Gemini AI model to support all stages of an attack, from reconnaissance to post-compromise actions
AI-powered ClickFix attacksource: Google The report further notes that Gemini has faced AI model extraction and distillation attempts, with organizations leveraging authorized API access to methodically query the system and reproduce its decision-making processes to replicate its functionality
Cybercriminals are also showing increased interest in AI tools and services that could help in illegal activities, such as social engineering ClickFix campaigns. AI-enhanced malicious activity The Google Threat Intelligence Group (GTIG) notes in a report today that APT adversaries use Gemini to support their campaigns "from reconnaissance and phishing lure creation to command and control (C2) development and data exfiltration

VP Snapshot

Executive Risk & Action View

The biggest executive exposure for IT, Telecom & Cyber is cost pressure because today's lead stories point to faster-moving supplier and commercial decisions than the current brief cadence alone would suggest.

Overall
71
Cost
53
Supply
30
Schedule
22
Compliance
15

Top signals

30-180dcost

Signal 1: Google says hackers are abusing Gemini

This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, breach response slas, and negotiation guardrails with 2025, 100,000, 99 as the clearest commercial anchors; expect renewal uplift asks.

Recommended actions

Category ManagerDue 5d

Email Microsoft to reconfirm license renewals, keep quote validity short around Google says hackers are abusing Gemini, and push for breach response slas instead of open-ended surcharge language.

This should improve negotiating posture and reduce surprise exposure against the market direction now visible in the brief.

Risk register

RiskTriggerMitigation
Google says hackers are abusing Gemini creates cost pressure.HEX), Iran (APT42), North Korea (UNC2970), and Russia used Gemini for target profiling and open-source intelligence, generating phishing lures, translating text, coding, vulnerability testing, and troubleshooting.Email Microsoft to reconfirm license renewals, keep quote validity short around Google says hackers are abusing Gemini, and push for breach response slas instead of open-ended surcharge language.

CM Snapshot

Category Manager Decision Detail

Today's priorities

Email Microsoft to reconfirm license renewals, keep quote validity short around Google says hackers are abusing Gemini, and push for breach response slas instead of open-ended surcharge language.

This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, breach response slas, and negotiation guardrails with 2025, 100,000, 99 as the clearest commercial anchors; expect renewal uplift asks.

Due 3d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Supplier radar

Microsoft

high

Observed supplier signal

HEX), Iran (APT42), North Korea (UNC2970), and Russia used Gemini for target profiling and open-source intelligence, generating phishing lures, translating text, coding, vulnerability testing, and troubleshooting.

Commercial implication

This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, breach response slas, and negotiation guardrails with 2025, 100,000, 99 as the clearest commercial anchors; expect renewal uplift asks.

Next step: Email Microsoft to reconfirm license renewals, keep quote validity short around Google says hackers are abusing Gemini, and push for breach response slas instead of open-ended surcharge language.

Negotiation levers

Use Breach response SLAs

When to use: Use when Microsoft cites Google says hackers are abusing Gemini to justify immediate repricing or wider surcharge language.

Expected outcome: Limit upside cost exposure while preserving awardability for time-sensitive work and keeping the supplier commercially engaged.

Commercial mechanism to carry into the next supplier conversation

Talking points

IT, Telecom & Cyber conditions are now tactical: the latest signals justify immediate outreach to Microsoft and a clause-by-clause contract refresh.
Use today's signal mix to challenge license renewals, confirm vendor support coverage, and preserve fallback options before leverage deteriorates.

Supplier radar

SupplierSignalImplicationNext stepConfidence
MicrosoftHEX), Iran (APT42), North Korea (UNC2970), and Russia used Gemini for target profiling and open-source intelligence, generating phishing lures, translating text, coding, vulnerability testing, and troubleshooting.This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, breach response slas, and negotiation guardrails with 2025, 100,000, 99 as the clearest commercial anchors; expect renewal uplift asks.Email Microsoft to reconfirm license renewals, keep quote validity short around Google says hackers are abusing Gemini, and push for breach response slas instead of open-ended surcharge language.high

Negotiation levers

  • Use Breach response SLAsUse when Microsoft cites Google says hackers are abusing Gemini to justify immediate repricing or wider surcharge language.Limit upside cost exposure while preserving awardability for time-sensitive work and keeping the supplier commercially engaged.

    high confidence

What to do / What to watch

What to do now

  • Email Microsoft to reconfirm license renewals, keep quote validity short around Google says hackers are abusing Gemini, and push for breach response slas instead of open-ended surcharge language.

    Why: This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, breach response slas, and negotiation guardrails with 2025, 100,000, 99 as the clearest commercial anchors; expect renewal uplift asks.

    Owner: Category

    Expected outcome: Complete this within 3 days to reduce buyer surprise and tighten near-term sourcing control.

    [1]

Next few weeks

  • Email Microsoft to reconfirm license renewals, keep quote validity short around Google says hackers are abusing Gemini, and push for breach response slas instead of open-ended surcharge language.

    Why: Move now because This should improve negotiating posture and reduce surprise exposure against the market direction now visible in the brief.

    Owner: Category

    Expected outcome: This should improve negotiating posture and reduce surprise exposure against the market direction now visible in the brief.

    [1]
  • Prepare use breach response slas for the next negotiation cycle.

    Why: Deploy it because Use when Microsoft cites Google says hackers are abusing Gemini to justify immediate repricing or wider surcharge language.

    Owner: Contracts

    Expected outcome: Limit upside cost exposure while preserving awardability for time-sensitive work and keeping the supplier commercially engaged.

    [1]

Longer view

  • Use the current signal mix to tighten quarter-ahead sourcing scenarios and supplier optionality plans.

    Why: Prepare now because repeated cross-source signals are pointing to a more fragile commercial environment than a headline-only read suggests.

    Owner: Category

    Expected outcome: A cleaner quarter-ahead demand, budget, and fallback-supplier plan.

    [1]

What to watch

  • Watch whether Microsoft starts using Google says hackers are abusing Gemini as a repricing reference in quotes, escalator asks, or budget resets
  • Google says hackers are abusing Gemini creates cost pressure.: HEX), Iran (APT42), North Korea (UNC2970), and Russia used Gemini for target profiling and open-source intelligence, generating phishing lures, translating text, coding, vulnerability testing, and troubleshooting
  • IT, Telecom & Cyber conditions are now tactical: the latest signals justify immediate outreach to Microsoft and a clause-by-clause contract refresh
  • Use today's signal mix to challenge license renewals, confirm vendor support coverage, and preserve fallback options before leverage deteriorates

Market pulse

IndexLatestChangeAs of
Palo Alto (PANW)320 +0.00 (+0.00%)Feb 12, 2026, 12:19 PM
CrowdStrike (CRWD)285 +0.00 (+0.00%)Feb 12, 2026, 12:19 PM
Zscaler (ZS)195 +0.00 (+0.00%)Feb 12, 2026, 12:19 PM
Fortinet (FTNT)72 +0.00 (+0.00%)Feb 12, 2026, 12:19 PM
  • Palo Alto: Palo Alto should be used as a negotiation boundary for IT, Telecom & Cyber pricing, supplier challenge sessions, and contingency budgeting this cycle
  • CrowdStrike: CrowdStrike should be used as a negotiation boundary for IT, Telecom & Cyber pricing, supplier challenge sessions, and contingency budgeting this cycle
  • Zscaler: Zscaler should be used as a negotiation boundary for IT, Telecom & Cyber pricing, supplier challenge sessions, and contingency budgeting this cycle
  • Fortinet: Fortinet should be used as a negotiation boundary for IT, Telecom & Cyber pricing, supplier challenge sessions, and contingency budgeting this cycle

Sources

Inline citations jump here. Expand a source to read the excerpt, the AI interpretation, and the original link.

[1] Google says hackers are abusing Gemini AI for all attacks stages

bleepingcomputer.com · Feb 12, 2026

Expand

AI reading

HEX), Iran (APT42), North Korea (UNC2970), and Russia used Gemini for target profiling and open-source intelligence, generating phishing lures, translating text, coding, vulnerability testing, and troubleshooting. AI-enhanced malicious activity The Google Threat Intelligence Group (GTIG) notes in a report today that APT adversaries use Gemini to support their campaigns "from reconnaissance and phishing lure creation to command and control (C2) development and data exfiltration. This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, breach response slas, and negotiation guardrails with 2025, 100,000, 99 as the clearest commercial anchors; expect renewal uplift asks

Buyer takeaway

For IT, Telecom & Cyber, this is a staffing-shape signal: remote operating models can shift work offsite and change which suppliers, systems, and service levels matter most

Cost / money

The cost angle is directional, not quantified: moving work offsite can cut travel, rotation, and accommodation exposure, but only if the remote setup stays reliable

Supplier / commercial

Expect scope to move toward software support, communications uptime, cyber obligations, and clearer downtime liability instead of only offshore headcount or hardware supply

Safety / operations

Fewer people offshore can reduce exposure and emergency-response load, but the operating model becomes more dependent on connectivity resilience, remote support readiness, and cyber hygiene

What to watch

Watch bandwidth resilience, latency tolerance, cyber obligations, and who carries downtime cost if the remote link drops

Key facts

  • HEX), Iran (APT42), North Korea (UNC2970), and Russia used Gemini for target profiling and op
  • AI-enhanced malicious activity The Google Threat Intelligence Group (GTIG) notes in a report
  • The Iranian adversary APT42 leveraged Google's LLM for social engineering campaigns, as a dev
  • GTIG notes that no major breakthroughs have occurred in that respect, though the tech giant e

Source excerpts

State-backed hackers are using Google's Gemini AI model to support all stages of an attack, from reconnaissance to post-compromise actions
AI-powered ClickFix attacksource: Google The report further notes that Gemini has faced AI model extraction and distillation attempts, with organizations leveraging authorized API access to methodically query the system and reproduce its decision-making processes to replicate its functionality
Cybercriminals are also showing increased interest in AI tools and services that could help in illegal activities, such as social engineering ClickFix campaigns. AI-enhanced malicious activity The Google Threat Intelligence Group (GTIG) notes in a report today that APT adversaries use Gemini to support their campaigns "from reconnaissance and phishing lure creation to command and control (C2) development and data exfiltration

Used in this brief

  • State-backed hackers are using AI tools for all stages of cyber attacks, highlighting the need for enhanced cybersecurity measures
  • This article underscores the evolving nature of cyber threats and the necessity for organizations to adapt their strategies
  • Increased use of AI in cyber attacks
Open original source

[2] Palo Alto

finance.yahoo.com · n.d.

Expand
Open original source

[3] CrowdStrike

finance.yahoo.com · n.d.

Expand
Open original source

[4] Zscaler

finance.yahoo.com · n.d.

Expand
Open original source

[5] Fortinet

finance.yahoo.com · n.d.

Expand
Open original source
More from IT, Telecom & CyberBack to Executive View