GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools

2025-11-05 Google

https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools?hl=en

GTIG reports that state-sponsored actors, including North Korea-linked operators, continue to misuse Gemini across the attack lifecycle rather than only for basic productivity. The DPRK-relevant finding is that North Korean actors used AI assistance for reconnaissance, phishing lure creation, command-and-control development, and data-exfiltration support. The broader report also documents a shift toward AI-enabled malware such as PROMPTFLUX and PROMPTSTEAL, but those examples are attributed or described separately and should not be read as North Korean activity. The activity matters because it shows DPRK-linked operators adopting generative AI as an operational enabler, which means defenders must account for faster lure development, infrastructure work, and tooling support.
