A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet.

The AI agent responded to the attacker's prompts, troubleshooting problems on the fly and even proposing operational improvements at least 59 times.

In more than 200 sessions between May 19 and April 21, the threat actor worked with the AI tool to deploy and operate an infrastructure that controlled eight systems in a dental clinic and to get access to the OpenDental database.

The AI agent assumed the role of an "authorized pen tester" acting without safety disclaimers and automatically saved any credentials.

Its skill file contained the command-and-control (C2) playbook, complete with a description of the architecture, standard operations, infection code, commands for persistence, and troubleshooting steps.