Google reports Hackers tried to Clone Gemini with over 100,000 prompts

Google just described a very specific kind of “Gemini hacking” that’s easy to misunderstand. It wasn’t a breach and it wasn’t someone breaking into Google’s systems. Google says it spotted a campaign that fired over 100,000 prompts at Gemini, which it calls a model cloning attempt, basically trying to copy the model’s behavior by interrogating it at scale. 

The report frames attacks as theft, where repeated and structured querying are meant to learn how the system responds across different tasks and languages. In this case, Google says the pattern suggested an effort to replicate Gemini’s behavior in non-English target languages, and that its systems flagged the activity and reduced the effectiveness of the technique.

This matters because you don’t need a perfect clone for it to be useful. A “close enough” imitation can still help bad actors do faster on scams, polish messaging, and run endless trial runs cheaply. Or maybe even deploy what works even with few mistakes.

Google’s threat write-up also describes government-backed groups using Gemini for practical steps like technical research, target development, and phishing-lure generation. 

Google is being careful about the impact here as model extraction doesn’t usually create the same risk as a classic breach of confidentiality or availability. The risk is on model developers and AI service providers, because the goal is copying rather than stealing your personal files. But the effects will still land on regular people when higher-quality social engineering could increase successful attacks.

So it's better to treat Gemini like a high-value service that can be “scraped,” not something secured by one big wall. For Google, the job is to spot automated probing early, throttle it fast, and tighten what new or suspicious accounts can do, so large-scale extraction attempts get slowed down, flagged, and cut off before they can collect enough to be useful.