BleepingComputer reports that Google's Gemini CLI — the command-line agent Google ships for developers to automate coding and system tasks — is being abused by attackers as a hacking agent and malware botnet operator. Instead of building their own automation tooling, threat actors are directing Gemini's agentic capabilities to carry out intrusion and botnet-management tasks on their behalf.
This is the predictable next stage of the "agentic AI" rollout, and it follows a pattern security teams have seen every time a new class of automation tool ships with broad, trusted execution privileges: the tool gets adopted by legitimate users faster than anyone builds guardrails for misuse, and attackers realize the fastest way to scale an operation is to hijack a capability someone else already built and secured just enough to be trusted. It happened with RDP, with legitimate pentesting frameworks like Cobalt Strike, and with cloud automation APIs — each time, the defenders' own tooling became the attacker's force multiplier because it's signed, trusted, and rarely flagged by security monitoring that's tuned to look for unfamiliar binaries, not familiar ones behaving badly. A CLI agent with system-level reach and natural-language task delegation is a gift to anyone trying to automate reconnaissance, lateral movement, or C2 management without writing custom malware.
The SAL read: if your engineers have Gemini CLI, Copilot, or any agentic dev tool installed with broad system access, treat it like a privileged account — log its actions, restrict its scope, and assume it can be turned against you as easily as it helps you.