A single Russian-speaking hacker rebuilt and relaunched a live botnet in about six minutes by handing the work to Google's Gemini AI, according to a new analysis from Trend Micro's TrendAI Research team. Reviewing more than 200 Gemini CLI session logs from an actor it tracks as "Patriot Bait" (known online as bandcampro), the researchers found the AI did roughly 89 percent of the work while the human simply typed his intentions in plain Russian.
The case is one of the clearest public examples yet of an AI system acting not as a coding helper but as the primary operator of an offensive campaign, a shift security firms have warned is arriving fast.
Six minutes to migrate a botnet
The actor ran a small command-and-control (C&C) network that controlled eight computers inside a US dental clinic, reaching the clinic's patient database. When firewalls and antivirus tools began blocking his old Cloudflare-tunnel setup, he asked the AI to "study the C2 migration." Working from a two-page plain-English guide the AI had itself written, Gemini unpacked the server code, spun it up on a fresh virtual private server, brought up a new Cloudflare tunnel, and moved the operation over.
The migration hit errors immediately, and the AI fixed them on its own: it diagnosed a "502 Bad Gateway" failure and added the missing header, then worked out that a specific User-Agent header was needed to slip past Cloudflare's web application firewall. When bots failed to reconnect, the AI spotted a "split-brain" problem where traffic was being split across the old and new servers, told the operator to shut the old one down, and confirmed the bots were back online. The human did none of the debugging.
Small, cheap, and easy to copy
Trend Micro says the entire C&C operation fits in three plain-text files totaling about 5KB, which makes it trivial to replicate and effectively disposable. The AI even volunteered improvements 59 times without being asked. Beyond the botnet, the logs show the same actor using AI to crack passwords, compromise WordPress merchants, and plan a phone-based cryptocurrency fraud scheme aimed at elderly people in the US and Canada.
The researchers' blunt takeaway is that takedowns still work but lose their bite when an attacker can rebuild faster than defenders can respond. It fits a pattern IntelFusions has tracked closely, from Check Point's warning that AI has crossed into the attack-operator role to researchers catching an AI running a ransomware attack on its own.
What you should do
Defenders cannot detect the AI itself, so the guidance is unchanged but more urgent: watch for the behaviors these operations still produce, such as new VPS-hosted C&C beaconing over HTTPS, sudden Cloudflare-tunnel activity from servers, and PowerShell pulled and run from a remote "message" drop. Assume that low-skill actors can now assemble and repair infrastructure at machine speed.
This briefing is provided by IntelFusions for informational and defensive purposes only. It is based on sources assessed to be reliable at the time of writing, and analytic judgments carry the confidence levels indicated. Indicators of compromise are defanged; re-arm them only in controlled environments. IntelFusions is not affiliated with the organizations named and makes no warranty as to completeness or accuracy.