Android Malware 'PromptSpy' Uses Google's Gemini AI for Persistence and Remote Access

The malware explicitly uses an AI system (Google's Gemini generative AI chatbot) to interpret device UI and execute actions, which is a clear AI system involvement. The malware's use leads directly to harm by enabling remote control, interception of sensitive data (lockscreen PINs, passwords), and prevention of uninstallation, which are violations of user rights and privacy, constituting harm to persons and communities. Although it is currently a proof of concept with limited evidence of deployment, the malware has been found in VirusTotal and associated with domains mimicking a bank, indicating potential real-world malicious use. The AI system's role is pivotal in enabling the malware's adaptive and dynamic behavior, which traditional malware lacks. Hence, this is an AI Incident rather than a mere hazard or complementary information.

The event involves an AI system explicitly mentioned (generative AI model Gemini) integrated into malware that directly causes harm by enabling unauthorized remote access, data capture, and blocking removal on victims' devices. The malware's use of AI to adapt its persistence mechanism increases the risk and effectiveness of the attack, leading to realized harm to individuals' security and privacy. Therefore, this qualifies as an AI Incident because the AI system's use in the malware directly leads to significant harm to persons and communities through malicious cyber activities.

The malware uses an AI system (Google's Gemini GenAI) as part of its execution to maintain persistence and evade user removal, which is a direct use of AI in malicious activity. The malware's actions cause harm to users by compromising device security and privacy, fulfilling the criteria for an AI Incident. Although the malware is not yet widespread, the harm is realized for infected users, and the AI system's role is pivotal in enabling the malware's adaptability and persistence. Hence, this event qualifies as an AI Incident rather than a hazard or complementary information.

The malware uses Google's Gemini AI chatbot to interpret the user interface and provide instructions to maintain persistence on infected devices, enabling remote control and data interception. This direct use of an AI system in malicious software that causes realized harm to users (unauthorized access, interception of PINs, screen recording) fits the definition of an AI Incident. The harm is materialized, not just potential, and the AI system's role is pivotal in the malware's operation. The event is not merely a warning or potential risk (AI Hazard), nor is it a governance or research update (Complementary Information).

The event involves an AI system (generative AI model Gemini) used maliciously within malware to manipulate device UI and maintain persistence, which directly leads to harm to individuals' privacy and security. The malware's capabilities include capturing lockscreen data, recording screen activity, and blocking uninstallation, all of which constitute harm to persons and their property. Since the harm is realized and the AI system's role is pivotal in the malware's operation, this qualifies as an AI Incident.

The event explicitly involves an AI system (generative AI model Gemini) integrated into malware that is actively used to facilitate malicious actions causing harm to users. The malware's use of AI to adapt to different devices and maintain persistence directly contributes to the harm caused, including unauthorized access, data capture, and blocking uninstallation. These harms fall under violations of rights and harm to individuals. Since the harm is realized and the AI system's role is pivotal in enabling the malware's effectiveness, this qualifies as an AI Incident rather than a hazard or complementary information.

The malware explicitly incorporates an AI system (Google's Gemini) to make real-time decisions for executing malicious UI interactions, enabling persistence and remote control on infected devices. This AI involvement is central to the malware's operation and harm potential. The malware's capabilities include intercepting lockscreen PINs, recording screen activity, and preventing removal, which are direct harms to users' security and privacy. Although no infections have been detected yet, the malware's deployment infrastructure and advanced capabilities indicate real-world harm is likely or ongoing. Hence, the event meets the criteria for an AI Incident due to realized or imminent harm caused by the AI-powered malware.

The malware explicitly incorporates an AI system (generative AI model Gemini) in its operation, specifically to automate and adapt its persistence mechanism across diverse Android environments. This AI involvement directly leads to harm by enabling unauthorized remote access, data theft, and interference with device management, which are violations of user rights and privacy (a form of harm to persons and communities). The malware's deployment and targeting of users in Argentina confirm realized harm rather than just potential risk. Hence, the event meets the criteria for an AI Incident rather than an AI Hazard or Complementary Information.

An AI system (Google's Gemini) is explicitly involved in the malware's operation, analyzing screen content and guiding actions to maintain control over the device. This use of AI directly facilitates harm to users by enabling attackers to spy on them, intercept inputs, and control the device, which constitutes harm to individuals' privacy and security. Therefore, this event qualifies as an AI Incident due to the realized harm caused by the AI-enabled malware.

The malware uses an AI system (Google's Gemini) to analyze the smartphone's screen in real time and decide how to act to maintain control, which is a clear use of AI in the attack. The harm includes unauthorized access to personal data, interception of messages, and financial theft, which are direct harms to individuals' rights and security. The event describes realized harm caused by the AI system's use in the malware, meeting the criteria for an AI Incident rather than a hazard or complementary information.

The malware explicitly uses an AI system (Google Gemini) to analyze screen content and decide malicious actions, which is a direct use of AI in causing harm. The harms include spying, stealing passwords, and controlling devices, which are violations of privacy and security rights, fitting the definition of harm to persons and violation of rights. The malware is active and capable of causing harm, even if infections are not yet widespread, so this is an AI Incident rather than a hazard or complementary information. The AI system's involvement is in the malware's use phase, directly leading to harm.

The malware explicitly uses an AI system (Google's Gemini model) to analyze screen content and control the app's behavior, which is a clear AI system involvement. The use of this AI system directly facilitates malicious activities causing financial harm to users, including unauthorized access and theft from PayPal accounts. This meets the criteria for an AI Incident because the AI system's use directly leads to realized harm (financial theft and account takeover).

The malware explicitly uses an AI system (Google's Gemini model) as part of its operation to maintain persistence and facilitate malicious control. The use of AI in the malware's development and operation directly leads to harm through unauthorized financial transactions and privacy breaches. Therefore, this qualifies as an AI Incident because the AI system's use is integral to the malware's harmful effects on users' property and security.

The event explicitly involves an AI system (Google's Gemini generative AI) integrated into malware to autonomously manipulate the device interface and maintain persistence. The malware's use of AI directly causes harm to individuals by enabling unauthorized access and control over their smartphones, which constitutes injury or harm to persons and violation of rights. Therefore, this qualifies as an AI Incident because the AI system's use in the malware has directly led to realized harm through cybercrime activities.

The malware explicitly uses an AI system (Google's Gemini generative AI) to adapt its behavior dynamically, which is a clear example of AI system involvement. The malware's use of AI to guide its malicious actions directly leads to harm to users' devices and potentially their data and privacy, fulfilling the criteria for an AI Incident. The harm is realized (malware infection and malicious behavior), not just potential, and the AI system's role is pivotal in enabling this adaptive malicious behavior. Hence, this is classified as an AI Incident.

The article explicitly states that the malware uses Gemini AI, a generative AI system, to adapt to different Android devices by analyzing screen dumps and instructing the malware how to pin itself in the background. This AI-enabled behavior directly facilitates the malware's persistence and malicious capabilities, leading to realized harm such as theft of lock screen PINs, recording user activity, and enabling remote control. The involvement of AI in the malware's operation and the resulting privacy and security harms meet the criteria for an AI Incident, as the AI system's use has directly led to harm to individuals' rights and security.

The malware uses an AI system (Google Gemini generative AI) to analyze device screens and generate instructions that help the malware persist and evade removal. This AI involvement directly leads to harm by enabling the malware to infect devices, steal data, and resist user attempts to uninstall it. The harm to users' devices and privacy is realized, not just potential. Hence, the event meets the criteria for an AI Incident due to the direct role of AI in causing harm.

The malware explicitly uses an AI system (generative AI Gemini) to adapt and enhance its malicious capabilities, which directly leads to harm to individuals by stealing data, blocking uninstallation, and enabling remote access. This constitutes injury or harm to persons (privacy and security breaches) and harm to communities (targeted users). The AI system's use is integral to the malware's function and harm caused, meeting the criteria for an AI Incident rather than a hazard or complementary information.

The malware explicitly incorporates an AI system (Google's Gemini LLM) to dynamically generate instructions for UI navigation, enhancing its persistence and adaptability across devices. This AI involvement directly contributes to the malware's ability to maintain control and exfiltrate sensitive data, causing harm to individuals' privacy and security (harm to persons/groups). The event reports actual deployment and infection instances, not just theoretical risks, confirming realized harm. Hence, it meets the criteria for an AI Incident as the AI system's use has directly led to significant harm through malicious remote control and data theft.

The event explicitly involves an AI system (generative AI model Gemini) integrated into malware to perform context-aware UI manipulation, which is a core part of the malware's persistence mechanism. The malware's use of AI directly leads to harm by enabling unauthorized remote access, blocking uninstallation, capturing sensitive data, and facilitating financial fraud. The harm to individuals' privacy, security, and potential financial loss fits the definition of an AI Incident. The AI system's role is pivotal in the malware's adaptability and effectiveness, and the malware is actively distributed and operational, not merely a theoretical or potential threat. Hence, this is an AI Incident rather than a hazard or complementary information.

The event involves an AI system (Google's Gemini generative AI) used maliciously within malware to maintain persistence on victim devices. The malware's use of AI directly contributes to harm by enabling attackers to control devices stealthily, violating user privacy and potentially leading to financial or other harms. The malware is actively deployed, not hypothetical, so this is a realized harm scenario. Therefore, this qualifies as an AI Incident due to the direct involvement of AI in causing harm through malicious use.

The malware exploits an AI system (Google's Gemini AI) integrated on devices to steal sensitive data, which is a clear violation of user rights and privacy. The AI system's misuse directly leads to harm by enabling data theft. The event involves the use and malfunction (misuse) of the AI system, resulting in realized harm to individuals. Hence, it meets the criteria for an AI Incident rather than a hazard or complementary information.

The event involves an AI system explicitly (Google's Gemini AI assistant) and describes a malware that intercepts user inputs to this AI system, stealing sensitive data. The harm is realized and significant, including privacy violations and potential identity theft, which fall under violations of human rights and harm to individuals. The malware's use of accessibility services to capture AI prompts is a direct misuse of the AI system's interface, leading to harm. Hence, this is an AI Incident rather than a hazard or complementary information.

The malware explicitly uses a generative AI system to guide malicious UI manipulation, enabling persistence and adaptability across devices. This AI involvement directly facilitates harmful activities such as capturing lockscreen data, blocking uninstallation, recording screen activity, and enabling remote access, which constitute harm to individuals' privacy and security. The event reports realized harm through malware operation, not just potential risk, fulfilling the criteria for an AI Incident. The AI system's role is pivotal in the malware's enhanced capabilities, and the harm is direct and significant.

The malware explicitly uses an AI system (Google's Gemini generative AI model) as part of its operation, fulfilling the definition of an AI system. Its use directly leads to harm by enabling persistence, data theft, and interference with user control over their devices, which are harms to individuals' security and privacy (harm to persons and communities). The event describes actual malware samples and their capabilities, indicating realized harm rather than just potential risk. Therefore, this qualifies as an AI Incident due to the direct involvement of AI in causing harm through malicious use.

The malware explicitly uses an AI system (Google Gemini) to analyze the device's screen and generate step-by-step instructions to evade removal, demonstrating AI system involvement in its malicious use. The harm includes unauthorized access to personal data, financial theft, and loss of control over the device, which are direct harms to property and privacy. The AI system's use is integral to the malware's effectiveness and persistence, fulfilling the criteria for an AI Incident. The event is not merely a potential risk or complementary information but a concrete case of AI-enabled harm.

The article explicitly states that the malware uses Google's generative AI model Gemini in real-time to analyze the device's screen and guide its actions to avoid being closed, which is a clear use of an AI system. The malware's operation leads directly to harm by compromising users' devices, enabling unauthorized access and control, which constitutes harm to property and violation of user rights. The involvement of AI is central to the malware's effectiveness and persistence, making it a direct contributing factor to the harm. Since the harm is occurring and the AI system's role is pivotal, this event meets the criteria for an AI Incident rather than a hazard or complementary information.

The event explicitly involves an AI system (Google's Gemini AI) being exploited by malware to maintain persistence and perform spying functions on Android devices. The malware's use of AI enables it to adapt to various devices and Android versions, increasing its effectiveness and harm potential. The harms include unauthorized access to personal data, privacy violations, and remote control of devices, which constitute injury to persons and harm to communities. Since these harms are realized and directly linked to the AI system's use in the malware, this qualifies as an AI Incident.

The article explicitly states that the malware uses generative AI to analyze the device's screen and control it to maintain its presence and perform harmful actions. This AI involvement is central to the malware's operation and the resulting harms, including unauthorized access, spying, and financial fraud. These harms fall under injury to property and harm to individuals. Since the AI system's use is directly linked to realized harm, this qualifies as an AI Incident rather than a hazard or complementary information.

The malware uses generative AI (Gemini) to generate prompts and control infected devices, which qualifies as an AI system. The malware's deployment in phishing campaigns causing financial fraud constitutes direct harm to property and individuals. Therefore, this event meets the criteria for an AI Incident because the AI system's use has directly led to harm through malicious activity and financial fraud.

The article explicitly mentions the use of an AI system (Google Gemini) integrated into malware to perform real-time decision-making and adapt its attack strategy, which is a clear AI system involvement. The malware's use has directly led to harm by facilitating theft of sensitive information from smartphone users, fulfilling the criteria for an AI Incident under harm category (a) injury or harm to people. The event is not merely a potential risk but an active, ongoing threat with realized harm, so it is classified as an AI Incident rather than an AI Hazard or Complementary Information.

The event involves an AI system (generative AI model Gemini) integrated into malware to facilitate malicious actions on Android devices. The malware's use of AI directly contributes to its persistence and effectiveness, leading to realized harms including unauthorized access, data capture, and interference with device control. These harms constitute violations of user rights and harm to individuals. Therefore, this qualifies as an AI Incident because the AI system's use has directly led to significant harm through malicious software operations.

The article explicitly mentions the use of an AI system (generative AI model Gemini) integrated into the malware to guide malicious UI manipulation and persistence mechanisms. The malware's capabilities cause direct harm to users by compromising their devices, capturing sensitive data, and preventing removal of the malicious app. These harms fall under violations of rights and harm to individuals. Since the AI system's use is integral to the malware's harmful operation and the harm is occurring or has occurred, this qualifies as an AI Incident.

The event involves an AI system (generative AI embedded in malware) whose use has directly caused harm by enabling spying, data theft, and unauthorized control of users' devices. This fits the definition of an AI Incident because the AI system's use has directly led to harm to persons (privacy violations, potential financial harm) and communities (widespread fraud and digital security threats). The malware's AI capabilities make it more effective and harder to detect, increasing the severity of harm. Therefore, this is classified as an AI Incident.

The event explicitly involves an AI system (generative AI model Gemini) integrated into malware that manipulates device UI to maintain persistence and enable remote control. The malware's use leads directly to harm: unauthorized access, data capture, blocking uninstallation, and potential financial fraud targeting users in Argentina. These harms fall under injury to persons and harm to communities. The AI system's role is pivotal in enabling the malware's adaptability and persistence, which traditional malware scripting could not achieve as effectively. Hence, this is an AI Incident, not merely a hazard or complementary information, because the harm is occurring or has occurred due to the AI system's use in the malware.

The article explicitly describes an AI system (the generative language model Gemini) integrated into malware that manipulates device interfaces in real time to avoid being closed, enabling persistent infection and remote control. This use of AI directly leads to harm by facilitating unauthorized access, data capture, and control over users' devices, violating privacy and security. The harm is realized or imminent given the malware's capabilities, even if active infections are not yet observed. Thus, the event meets the criteria for an AI Incident due to direct harm caused by the AI system's use in malware.

The malware incorporates an AI system (generative AI model Gemini) that autonomously controls the infected device, enabling harmful actions such as data theft and remote control. The event reports the malware's discovery and its active capabilities, which directly threaten users' security and privacy, fulfilling the criteria for harm to persons. Even though no confirmed infections are reported, the malware's deployment and detection in the wild indicate realized harm or imminent risk. Hence, it is an AI Incident rather than a hazard or complementary information.

The event involves an AI system explicitly mentioned (Google's Gemini generative AI) used by malware to execute and conceal itself on mobile devices, leading to direct harm to users through unauthorized access, data theft, and control of devices. The malware's AI-driven adaptive behavior and the use of AI by hackers to automate attacks demonstrate direct causation of harm. This fits the definition of an AI Incident because the AI system's use has directly led to injury to persons (privacy and security breaches) and harm to communities (cyber espionage and attacks).

The article explicitly states that the malware uses generative AI (Google's Gemini) to analyze the phone screen and generate instructions to maintain control and manipulate the device. The malware's operation leads to direct harm: unauthorized access to personal data, interception of verification codes, and control over banking and digital wallet apps, which constitute violations of privacy and potential financial harm. The AI system is integral to the malware's effectiveness and harm. Hence, this is a clear AI Incident involving the use and misuse of an AI system causing direct harm to individuals.

The article explicitly mentions the use of an AI system (Google's Gemini) integrated into malware that controls Android devices and steals data. The AI system's involvement is central to the malware's capability to adapt and operate effectively, leading directly to harms such as data theft, unauthorized financial transactions, and loss of device control. These harms fall under violations of rights and harm to individuals. The presence of the AI system, its use in the malware, and the direct resulting harm meet the criteria for an AI Incident rather than a hazard or complementary information.

The event involves an AI system (generative AI technology integrated into malware) whose use directly leads to harm by enabling unauthorized data collection, remote access, and blocking removal attempts on victims' devices. This constitutes a violation of users' rights and harm to individuals' privacy and security. Since the AI system's use is integral to the malware's harmful functionality and the harm is realized (active malware targeting users), this qualifies as an AI Incident.

The malware explicitly uses a generative AI system (Google Gemini) during execution to adapt its malicious behavior dynamically, which is a direct use of AI in causing harm. The harm includes unauthorized remote access to devices, interference with user control (blocking uninstallation), and potential privacy violations. These harms fall under violations of rights and harm to individuals. Although the current spread is limited, the malware has been observed in real-world samples and has caused or could cause harm. Hence, it meets the criteria for an AI Incident rather than a hazard or complementary information.

The malware explicitly uses an AI system (Google's Gemini generative model) as a core component of its operation, adapting dynamically to device interfaces to maintain persistence and evade removal. This AI involvement directly enables the malware's harmful spying activities, including interception of passwords and user actions, which constitute harm to individuals' privacy and security (a form of harm to persons and violation of rights). Although the malware may not yet be widespread, the evidence of distribution infrastructure and phishing attempts indicates realized harm or imminent risk. Hence, the event meets the criteria for an AI Incident rather than a mere hazard or complementary information.

The malware PromptSpy explicitly incorporates an AI system (Google's Gemini model) in its operation, using it to adaptively control the malware's behavior for persistence and spying. The use of AI here is central to the malware's ability to evade removal and maintain unauthorized access, leading to direct harm to individuals' privacy and security (harm to persons). The event involves the use and malfunction (malicious use) of an AI system causing realized harm, fitting the definition of an AI Incident.

The event involves an AI system (Google's Gemini) integrated into malware that is actively used to adapt and enhance malicious spying activities on Android devices. The malware's use of AI directly contributes to harm by making it more effective at spying and stealing credentials, which constitutes harm to individuals' privacy and security (harm to persons). The involvement of AI is explicit and central to the malware's operation, and harm is occurring or has occurred through the malware's spying functions. Although Google Play Protect mitigates risk on official channels, the malware exists outside the Play Store and thus poses a real threat. This meets the criteria for an AI Incident rather than a hazard or complementary information.

PromptSpy is an AI system (malware) that uses generative AI to adapt and control infected devices, directly leading to harm by intercepting sensitive personal data and preventing removal. The malware's use of AI to evade defenses and maintain persistence causes realized harm to individuals' privacy and security, fitting the definition of an AI Incident due to violations of rights and harm to persons. The article reports ongoing attacks and active harm, not just potential risk, confirming it as an AI Incident rather than a hazard or complementary information.

The event involves an AI system explicitly mentioned as generative AI (Google Gemini) integrated into the malware's operation to maintain persistence and evade removal. The malware's use leads directly to harm by compromising user devices, stealing data, and enabling unauthorized remote access, which constitutes harm to persons and their property (privacy and device integrity). The AI's role is pivotal in enhancing the malware's adaptability and persistence, making it a direct contributing factor to the harm. Therefore, this is an AI Incident.

The malware uses an AI system (Google Gemini) to analyze screen content and guide its malicious actions, which is a clear example of AI system involvement. The malware's use leads to realized harm, including potential financial theft and privacy violations, fulfilling the criteria for an AI Incident. The harm is direct and ongoing, as the AI system's outputs enable the malware to adapt and persist on devices, causing injury to users' property and potentially their financial security. Therefore, this event qualifies as an AI Incident rather than a hazard or complementary information.

PromptSpy is an AI-powered malware that uses generative AI to evade removal and maintain control over infected devices, which directly harms users by compromising their privacy and security. The AI system's use in real-time screen analysis and adaptive behavior is central to the malware's effectiveness and harm. The article reports actual infections and malicious activity, not just potential risks, fulfilling the criteria for an AI Incident due to realized harm caused by the AI system's use in malware.

The article explicitly mentions the use of an AI system (Google's Gemini generative AI model) integrated into the malware's operational flow to evade detection and removal. The malware's use has directly harmed users by compromising their devices and enabling remote control by attackers, which is harm to property and privacy. The AI system's involvement is in the malware's use and operation, directly causing harm. Hence, this qualifies as an AI Incident under the framework, as the AI system's use has directly led to harm.

The malware explicitly uses an AI system (Google's Gemini generative AI) to guide its persistence mechanism, which directly facilitates unauthorized remote access and data theft from users' devices. This constitutes harm to individuals' privacy and security, a violation of rights under applicable law. The AI system's involvement is in the malware's operational use, directly leading to harm. Although the malware is not widespread, the documented use and potential victim impact meet the criteria for an AI Incident rather than a hazard or complementary information.

PromptSpy is an AI-powered malware that uses generative AI to enhance its persistence and resistance to removal on Android devices. The malware's use of AI to interpret screen content and generate instructions for maintaining control constitutes the use of an AI system in its operation. The harm caused includes unauthorized remote control of devices, interference with user control, and potential economic harm to victims, which fits the definition of harm to persons or communities. Since the AI system's use directly leads to these harms, this event qualifies as an AI Incident rather than a hazard or complementary information.

The malware PromptSpy explicitly uses an AI system (Google's Gemini) to interpret the device screen and adaptively prevent its removal, which is a direct use of AI in malicious software. This AI-enabled behavior leads to harm by compromising user privacy, capturing sensitive information like passwords and unlock patterns, and obstructing user control over their device. The harm is realized as the spyware operates actively, even if no widespread infections are currently detected, since the malware's capabilities and distribution method are confirmed. Hence, the event meets the criteria for an AI Incident because the AI system's use directly leads to harm to users' rights and security.

The malware explicitly uses an AI system (Google's Gemini generative AI) as part of its operational behavior to maintain persistence and evade removal, which directly contributes to harm by enabling unauthorized remote access, data capture, and control over users' devices. These actions violate users' rights and cause harm to individuals' privacy and security. The AI system's involvement is integral to the malware's function, making this a clear case of an AI Incident rather than a hazard or complementary information. The fact that the malware is not yet widespread does not negate the realized harm potential inherent in its use and deployment.

The article explicitly states that the malware integrates a generative AI model to evade removal and capture data from infected devices, which directly harms users by compromising their device security and privacy. The AI system is central to the malware's operation and persistence, making it a direct cause of harm. The harm is realized, not just potential, as the malware has been detected in the wild and actively distributed, even if limited in scale. This fits the definition of an AI Incident because the AI system's use has directly led to harm to persons and communities through malicious activity.

The malware explicitly uses an AI system (Google's Gemini model) in its operation to maintain persistence on devices, which is a direct use of AI in a harmful context. The malware's spyware capabilities cause violations of user privacy and security, which are harms to individuals and breaches of rights. The article indicates that the malware is active or potentially active in the wild, with phishing sites and distribution domains identified, implying realized or imminent harm. Hence, the event meets the criteria for an AI Incident, as the AI system's use directly leads to harm through malicious software.

The malware explicitly uses an AI system (Google's Gemini) to adapt its malicious behavior dynamically, which is a clear AI system involvement. The malware's use leads to direct harm by spying on users, collecting sensitive data, and resisting removal, thus violating user rights and privacy. Although the spread is not yet widespread, the malware samples have been distributed and are capable of causing harm. This meets the criteria for an AI Incident because the AI system's use in the malware directly leads to harm to individuals' rights and security. The article does not merely warn of potential harm but reports an active malware using AI, so it is not a hazard or complementary information.

The article explicitly mentions the use of an AI system (Google's Gemini generative AI model) integrated into the malware's execution chain to maintain persistence and adapt to different devices. The malware's activities cause direct harm to users by exfiltrating data, preventing uninstallation, and enabling remote control, which constitute violations of user rights and harm to property and communities. The AI system's involvement is central to these harms, making this an AI Incident rather than a hazard or complementary information. The malware is active and causing harm, not merely a potential threat or a research finding.

The event involves an AI system explicitly mentioned as generative AI integrated into malware to manipulate the user interface and maintain persistence. The malware's use leads directly to harm by enabling unauthorized access, data capture, and blocking removal, which are violations of user rights and cause harm to property (devices) and potentially to individuals. Therefore, this qualifies as an AI Incident because the AI system's use in the malware directly leads to realized harm or ongoing malicious activity, even if currently limited in spread. The article does not merely warn of potential harm but describes an active malware with AI components causing harm.

The malware explicitly uses an AI system (Google's Gemini) in its operation, fulfilling the definition of an AI system. Its use has directly led to harm to individuals by enabling theft of banking credentials and unauthorized access to financial accounts, which constitutes harm to persons and violation of rights. Therefore, this event qualifies as an AI Incident due to the realized harm caused by the AI-enabled malware.

The malware uses generative AI (Google's Gemini model) to interpret the phone interface and adapt its behavior dynamically, which qualifies as an AI system. The malware's deployment and operation have directly led to harm by stealing PINs, passwords, and financial data, and by taking full control of devices, which constitutes harm to property and privacy. The event describes realized harm, not just potential harm, so it is an AI Incident rather than an AI Hazard. The detailed description of the malware's AI-driven capabilities and the resulting harm meets the criteria for an AI Incident under the OECD framework.

The article explicitly states that the malware uses a generative AI model to analyze the device interface and receive instructions on actions to perform, enabling real-time adaptation and control. This AI involvement is central to the malware's harmful capabilities, including unauthorized control of the device, data theft, and blocking uninstallation. These actions cause direct harm to users' security and privacy, fulfilling the criteria for an AI Incident. The harm is realized, not just potential, and the AI system's role is pivotal in enabling the malware's sophisticated behavior.

The malware is an AI system as it uses generative AI to interpret the phone interface and adapt its malicious behavior dynamically. Its use has directly led to harm by stealing sensitive banking information and controlling users' devices, which is a clear violation of rights and harm to individuals. The event describes realized harm caused by the AI system's use, not just potential harm. Therefore, it qualifies as an AI Incident.

The event involves an AI system (generative AI model Gemini) integrated into malware that is actively used to commit fraud and steal sensitive information, causing direct harm to users. The malware's AI-driven adaptive behavior is central to its operation and harm. Therefore, this is an AI Incident because the AI system's use has directly led to realized harm (the malware infection and data theft).

The malware explicitly uses generative AI (Google's Gemini model) to analyze and adapt to the phone's interface in real time, which is a clear AI system involvement. The use of this AI system in the malware's operation directly leads to harm by stealing financial data and taking control of users' phones, fulfilling the criteria for an AI Incident. The harm is realized, not just potential, as the malware is actively stealing data and controlling devices. Hence, this is not merely a hazard or complementary information but a concrete AI Incident.

The malware explicitly uses generative AI (Google's Gemini model) to adapt its behavior dynamically, which qualifies it as an AI system. Its deployment and operation have directly led to harm by stealing sensitive personal and financial information and taking control of users' devices, violating privacy and security rights. The harm is realized, not just potential, as the malware is actively used to compromise devices. Hence, this event meets the criteria for an AI Incident due to direct harm caused by the AI system's use in malware.

The event involves an AI system (generative AI model Gemini) integrated into malware that is actively causing harm by spying on users, stealing data, and blocking uninstallation, which directly harms users' privacy and security (harm to persons). The malware's use of AI is pivotal in its adaptability and persistence, making it an AI Incident. The harm is realized, not just potential, as the malware is in active distribution and use, thus meeting the criteria for an AI Incident rather than a hazard or complementary information.

The malware uses an AI system (Google's Gemini model) as part of its operation to manipulate and control Android devices maliciously. This AI involvement directly leads to harm by enabling the malware to evade removal and spy on users, violating their privacy and security. The harm is realized, not just potential, as the malware is actively deployed and affects users. Hence, it meets the criteria for an AI Incident, as the AI system's use is pivotal in causing significant harm to individuals' security and privacy.

The event involves an AI system (Google's Gemini generative AI) integrated into malware that manipulates user devices and prevents removal, causing direct harm to users by compromising their device security and privacy. The malware's use of AI to control and deceive users is a direct cause of harm, fulfilling the criteria for an AI Incident. The harm is realized, not just potential, as the malware is actively deployed and affecting millions of users. Hence, it is not merely a hazard or complementary information but a clear AI Incident.

The malware explicitly uses an AI system (Google's Gemini model) to perform sophisticated malicious actions that directly harm users by spying on them, manipulating device behavior, and preventing removal. The harm is realized as users' privacy and device security are compromised. The AI system's involvement is central to the malware's operation and the resulting harm, meeting the criteria for an AI Incident rather than a hazard or complementary information.

PromptSpy is an AI-powered malware that uses generative AI to manipulate the user interface and prevent its removal, enabling harmful activities like data theft and unauthorized remote access. The involvement of AI in the malware's operation is explicit and pivotal to its adaptability and effectiveness. The malware's deployment and capabilities constitute direct harm to users' property and privacy, fulfilling the criteria for an AI Incident under the OECD framework.

The malware uses an AI system (Google's Gemini generative AI model) integrated into its code to enhance its ability to evade detection and removal, directly leading to harm by spying on users and preventing uninstallation. The harm includes privacy violations and unauthorized data collection, which are harms to individuals. The AI system's role is central to the malware's functionality and harm caused. Hence, this is an AI Incident rather than a hazard or complementary information.

The malware PromptSpy explicitly uses an AI system (Google's Gemini generative AI model) to perform malicious activities on Android devices, including spying on users and blocking uninstallation attempts. These actions constitute direct harm to users' privacy and security, fulfilling the criteria for an AI Incident. The AI system's role is pivotal in enabling the malware's adaptability and resilience, and the harm is occurring, not just potential. Hence, this event is classified as an AI Incident.

The event involves an AI system (Google's Gemini generative AI) integrated into malware that directly harms users by spying on them, blocking removal, and manipulating device interfaces. This constitutes injury or harm to persons and communities through privacy violations and malicious control of devices. The AI system's use in the malware's operation is explicit and central to the harm caused. Hence, it meets the criteria for an AI Incident rather than a hazard or complementary information.

The article explicitly states that the malware uses a generative AI model to manipulate the user interface and prevent removal, which is a direct use of an AI system in the malware's operation. The malware causes harm by stealing data, recording user activity, and blocking uninstallation, which are clear harms to individuals' security and privacy. The AI system's involvement is central to the malware's effectiveness and persistence, making it a direct contributing factor to the harm. Hence, this qualifies as an AI Incident rather than a hazard or complementary information.

The article explicitly mentions an AI system (the malware uses the Gemini AI model) involved in malicious activity that directly harms users by spying on their device activity, recording screens, and preventing removal. This constitutes a violation of privacy and unauthorized surveillance, which are harms to individuals and communities. The malware's AI-driven capabilities make it more effective and harder to detect, directly contributing to the harm. Hence, this is an AI Incident as the AI system's use has directly led to realized harm.

The malware explicitly uses an AI system (Google's Gemini generative AI model) integrated into its code to manipulate the device interface and resist removal, which directly leads to harm by compromising user privacy and device control. The event involves the use of AI in a malicious context causing realized harm to users, meeting the criteria for an AI Incident. The description details the AI system's role in the malware's operation and the resulting harm, not just a potential or future risk, nor is it merely complementary information or unrelated news.

The article explicitly mentions an AI system (Google's Gemini generative AI model) integrated into malware that causes direct harm by spying on users, recording sensitive data, and preventing removal of the malware. This is a clear case where the AI system's use in the malware directly leads to harm to persons (privacy violations, potential data theft) and harm to communities (cybercrime impact). The malware's AI-driven capabilities are central to the incident, not speculative or potential future harm. Hence, it meets the criteria for an AI Incident rather than a hazard or complementary information.

The article explicitly mentions the use of an AI system (Google's Gemini) integrated into the malware to generate real-time instructions that help the malware persist on devices and evade removal. This AI involvement directly leads to harm by enabling the malware to manipulate users and maintain control over their devices, which constitutes harm to property and user security. Therefore, this event meets the criteria for an AI Incident due to the realized harm caused by the AI-enabled malware.

The malware explicitly uses an AI system (generative AI model Gemini) in its operation, which is a clear AI system involvement. The use of this AI system in malware leads directly to harm by compromising user privacy and device security, which falls under violations of rights and harm to individuals. Therefore, this event qualifies as an AI Incident because the AI system's use has directly led to realized harm through malicious software activity.

PromptSpy is a malicious AI-powered Android malware that uses generative AI to manipulate device behavior and spy on users, causing direct harm to their privacy and security. The AI system (Google's Gemini model) is explicitly involved in the malware's operation, enhancing its resilience and making it harder to remove. The harm is realized, not just potential, as the malware records sensitive data and blocks uninstallation, which are clear harms to individuals. Hence, this qualifies as an AI Incident under the framework, as the AI system's use has directly led to harm.

The article explicitly states that the malware uses generative AI to perform malicious functions that harm users by spying on them and preventing removal of the malware. This involves an AI system in the malware's use, leading directly to harm to users' privacy and security. The harm is realized, not just potential, and the AI system's role is pivotal in enabling the malware's advanced capabilities. Hence, this qualifies as an AI Incident under the definitions provided.

The malware explicitly uses an AI system (Google's Gemini generative AI model) to carry out harmful activities such as spying on users, recording screen content, and preventing removal, which directly harms users' privacy and security. The involvement of AI in the malware's operation and the realized harm to users meet the criteria for an AI Incident. The event is not merely a potential risk or a general update but describes an active harm caused by AI-powered malware.

The article explicitly mentions an AI system (Google's Gemini language model) integrated into malware that has been used to compromise Android devices. The malware's AI-driven features directly lead to harm by enabling persistent unauthorized access, data theft, and interference with user control over their device. This fits the definition of an AI Incident because the AI system's use in the malware has directly led to harm to individuals' privacy and security. The event is not merely a potential risk or a general update but a concrete case of AI-enabled harm.

The malware explicitly uses an AI system (Google's Gemini) to carry out harmful activities such as spying on users, preventing removal of the malware, and manipulating the user interface to maintain persistence. These actions directly harm millions of users by compromising their device security and privacy, fulfilling the criteria for an AI Incident. The AI system's involvement is central to the malware's harmful functionality, not merely potential or speculative. Hence, this event is classified as an AI Incident.