The perpetrators aren't random hackers. Google believes they're primarily private companies and researchers seeking competitive shortcuts in the AI race. Their goal: extract the patterns and algorithms that power Gemini without investing billions in development. Google considers this intellectual property theft.

The attacks specifically targeted Gemini's reasoning algorithms. The decision-making processes that represent the most valuable and sophisticated aspects of advanced AI. Before Google detected the 100,000-prompt campaign and adjusted its defenses, attackers had systematically probed the system to gather substantial intelligence.

AI gets smarter when your input is complete. Wispr Flow helps you think out loud and capture full context by voice, then turns that speech into a clean, structured prompt you can paste into ChatGPT, Claude, or any assistant. No more chopping up thoughts into typed paragraphs. Preserve constraints, examples, edge cases, and tone by speaking them once. The result is faster iteration, more precise outputs, and less time re-prompting. Try Wispr Flow for AI or see a 30-second demo.

Start flowing free

John Hultquist, chief analyst of Google's Threat Intelligence Group, warns these attacks signal broader industry risk. "We're going to be the canary in the coal mine for far more incidents," he said. Smaller companies with custom AI face similar or worse threats.

The concern intensifies as businesses deploy specialized AI trained on proprietary data. Financial institutions with AI trained on decades of trading strategies, for example, could have those insights extracted through sustained attacks.

This isn't new. OpenAI accused DeepSeek last year of similar attacks against ChatGPT, highlighting how AI companies are weaponizing these techniques against each other.

AI companies face a fundamental tension: they want models to be accessible, but that accessibility creates vulnerability. Unlike traditional software protected behind authentication, chatbots are designed for open interaction. Every query is a potential learning opportunity for attackers.

Companies are developing sophisticated monitoring to identify distillation patterns and implementing rate limits, but it's an asymmetric battle. Attackers only need queries that look legitimate until they've gathered enough data.

As AI becomes central to competitive advantage, expect attacks to intensify. Extracting capabilities from existing models is far cheaper than building from scratch. Google's message is clear: if leading AI companies with advanced security are vulnerable, everyone is.

The AI arms race has added a new dimension. It is not who builds the best models, but who can protect their intellectual property from systematic extraction by determined competitors.

Stay informed about the latest developments in artificial intelligence. Subscribe to AI Daily Brief for your regular dose of AI news and analysis.

Thanks to being a valued subscriber

AI Daily Brief