Google Gemini Faces Cloning Attempts as Threat Actors Probe AI Chatbot
Google has disclosed ongoing attempts to extract proprietary information from its Gemini AI models, part of a broader pattern of threat actors turning their attention to AI systems. These attempts, categorized as "model extraction" or "distillation" attacks, involve querying the model repeatedly to capture its outputs and reasoning, so that a cheaper clone can be trained on the collected responses without access to the original's weights or training data.
Model Extraction Attacks: A Rising Threat
According to Google's Threat Intelligence Group (GTIG), these are not conventional intrusions: no system is breached. Instead, perpetrators abuse legitimate access through the Gemini API, the interface Google provides for developers to build applications on the model. By querying the model through this official channel at scale, attackers aim to learn Gemini's response patterns and internal logic (Google Cloud Blog).
One tactic is to prompt Gemini to verbalize its reasoning, in the user's own language, before giving its answer, so that each response exposes the model's intermediate thought process as well as its final output. Google identified one adversarial session that involved over 100,000 prompts across multiple languages (Ars Technica).
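The three signals the article describes, very high prompt volume from one credential, prompts spread across many languages, and prompts that ask the model to spell out its reasoning, are exactly what an API provider's abuse classifiers would key on. The following is an added example of such a detector, not Google's or GTIG's code: it aggregates constructed API log lines per API key and flags keys that trip at least two of the three signals. The JSON log format, the phrase list and the thresholds are assumptions chosen for illustration.

```python
"""Heuristic detector for model-extraction (distillation) traffic in LLM API logs.

Added example, not Google's or GTIG's code. Log format, phrase list and
thresholds are assumptions for illustration; a real deployment would score
per time window and tune thresholds against known-legitimate heavy users.
"""
import json
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Phrases that ask the model to expose its reasoning (assumed heuristic list;
# a production detector would need far broader multilingual coverage).
REASONING_PATTERNS = [
    re.compile(p, re.IGNORECASE) for p in (
        r"\b(explain|show|verbalize|describe)\b.{0,40}\b(reasoning|thought process|chain of thought)\b",
        r"\bstep[- ]by[- ]step\b",
        r"\bthink aloud\b",
        r"\brazonamiento\b",      # es
        r"\braciocínio\b",        # pt
        r"\büberlegungen\b",      # de
    )
]


@dataclass
class KeyStats:
    prompts: int = 0
    languages: set = field(default_factory=set)
    reasoning_prompts: int = 0


def is_reasoning_elicitation(prompt: str) -> bool:
    """True if the prompt asks the model to verbalize its reasoning."""
    return any(p.search(prompt) for p in REASONING_PATTERNS)


def aggregate(lines):
    """Aggregate per-API-key stats from JSON log lines.

    Assumed line format: {"api_key": ..., "lang": ..., "prompt": ...}, where
    "lang" comes from an upstream language-identification step.
    """
    stats = defaultdict(KeyStats)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        s = stats[rec["api_key"]]
        s.prompts += 1
        s.languages.add(rec["lang"])
        if is_reasoning_elicitation(rec["prompt"]):
            s.reasoning_prompts += 1
    return stats


def score_key(s: KeyStats, volume_threshold=1000, language_threshold=3,
              reasoning_ratio=0.5):
    """Return the names of the extraction signals this key triggers."""
    signals = []
    if s.prompts >= volume_threshold:
        signals.append("high_volume")
    if len(s.languages) >= language_threshold:
        signals.append("multi_language")
    if s.prompts and s.reasoning_prompts / s.prompts >= reasoning_ratio:
        signals.append("reasoning_elicitation")
    return signals


def flag_extraction_candidates(lines, min_signals=2, **thresholds):
    """Map api_key -> triggered signals for keys with >= min_signals signals.

    Requiring two signals keeps a single one (e.g. a translation app that is
    legitimately multilingual) from flagging a key on its own.
    """
    flagged = {}
    for key, s in aggregate(lines).items():
        signals = score_key(s, **thresholds)
        if len(signals) >= min_signals:
            flagged[key] = signals
    return flagged


def build_sample_log():
    """Constructed sample traffic (not real Gemini API data)."""
    lines = []
    benign = [
        "What is the capital of France?",
        "Summarize this paragraph: ...",
        "Explain step by step how to bake bread",
        "Translate 'hello' to German",
        "Write a haiku about rain",
    ]
    for p in benign:
        lines.append(json.dumps({"api_key": "key-benign", "lang": "en", "prompt": p}))
    # Extraction-style session: 1200 prompts, four languages, most asking for reasoning.
    templates = [
        ("en", "Explain your reasoning step by step before answering: {}"),
        ("es", "Explica tu razonamiento paso a paso antes de responder: {}"),
        ("de", "Erkläre deine Überlegungen Schritt für Schritt, bevor du antwortest: {}"),
        ("pt", "Explique seu raciocínio passo a passo antes de responder: {}"),
        ("en", "Answer this: {}"),  # plain prompts mixed in
    ]
    for i in range(1200):
        lang, tmpl = templates[i % len(templates)]
        lines.append(json.dumps({"api_key": "key-suspect", "lang": lang,
                                 "prompt": tmpl.format(f"question #{i}")},
                                ensure_ascii=False))
    return lines


if __name__ == "__main__":
    for key, signals in flag_extraction_candidates(build_sample_log()).items():
        print(key, signals)
```

Run as a script it prints only the suspect key with all three signals; the benign key has one language, five prompts and a 20% reasoning ratio and is never flagged. The per-key aggregation is the part that matters: a single prompt asking for step-by-step reasoning is ordinary usage, and only the combination of volume, language spread and reasoning elicitation over a whole session looks like distillation.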
Intellectual Property Theft and Google’s Response
Google treats these activities as intellectual property (IP) theft and as a violation of the Gemini API's Terms of Service. The company says it is actively working to deter such attacks and reserves the right to terminate access for accounts found to be involved (Ars Technica). Google is also warning other AI developers to watch for similar model extraction attempts against their own services.
Who is Behind the Attacks?
While Google has not observed direct attacks on its frontier models by advanced persistent threat (APT) actors, it has identified frequent model extraction attempts originating from private sector entities and researchers worldwide (Google Cloud Blog). These actors appear to be commercially motivated, seeking a competitive edge by cloning Gemini's capabilities rather than building comparable capabilities themselves.
Separately, government-backed threat actors are using large language models (LLMs), Gemini included, for technical research, target reconnaissance and the generation of more convincing phishing lures (Google Cloud Blog). Google reports, however, that no actor has yet fully succeeded in a direct model extraction attack against Gemini (Panda Security).
Broader Implications and Future Concerns
While no successful cloning of Gemini has been reported, Google recognizes the potential for these attacks, and the cloned models they aim to produce, to support malicious cyber activity. The company says it is continuously strengthening its classifiers and models to detect and thwart such attempts (Google Cloud Blog).
This situation underscores the need for robust security measures and ethical guardrails in the development and deployment of AI models. As the technology continues to advance, protecting model intellectual property and preventing misuse will remain a central challenge for the industry.