
Google has disclosed that hackers attempted to replicate its Gemini artificial intelligence chatbot by flooding the system with more than 100,000 carefully crafted prompts. The effort was part of what the company describes as “model extraction” or “distillation attacks,” designed to uncover how AI systems reason and generate responses.
The campaign was identified by Google’s internal security teams and linked to commercially motivated actors aiming to build rival AI models by copying core behaviour patterns.
How the prompt-based cloning attack worked
According to Google, attackers repeatedly questioned Gemini in ways meant to map its internal logic. Instead of stealing code directly, they used massive volumes of queries to observe output patterns, gradually reconstructing how the model processes information.
This technique exploits the public accessibility of large language models, which respond to anyone online. Over time, responses can reveal decision-making structures that power AI reasoning.
Google said many prompts were specifically designed to probe how Gemini solves problems, interprets context, and connects ideas — all essential elements of modern AI systems.
A Google spokesperson told NBC News that the attacks appeared to originate from multiple regions globally, though the company declined to name suspects.
Google’s countermeasures and detection systems
The activity was flagged by the Google Threat Intelligence Group, which monitors emerging digital threats. The team uses behavioural analytics, automated classifiers, and anomaly detection to identify suspicious prompt patterns that indicate extraction attempts.
Once identified, offending accounts were blocked and new safeguards were implemented to limit how much sensitive reasoning information can be inferred through repeated queries.
Google said it continues strengthening internal controls to prevent future attempts while balancing open access to AI tools for legitimate users.
Why AI companies remain vulnerable to such attacks
Despite security layers, large language models remain inherently exposed due to their interactive nature. Unlike traditional software, AI systems must reveal outputs continuously, creating opportunities for bad actors to reverse-engineer behaviour.
Google warned that similar attacks could soon target smaller firms running custom AI models trained on proprietary business data. These models may carry sensitive commercial knowledge that could be partially extracted through persistent questioning.
The company pointed out that intellectual property risks will grow as organisations rely more heavily on AI for decision-making and competitive strategies.
The issue is not limited to Google. OpenAI previously accused rival firms of using similar distillation techniques to improve competing models, highlighting how widespread the threat has become across the AI sector.
Security experts say protecting model behaviour will be one of the defining challenges of the next phase of AI development, alongside data privacy and misuse prevention. As AI tools become central to businesses worldwide, companies are racing to secure not just data — but the intelligence itself.