Google reveals attempt to clone Gemini using 100,000 requests

# Google Revealed an Attempt to Clone Gemini Through 100 Thousand Requests

Google discovered a serious attempt at intellectual property theft. Attackers sent more than 100 thousand requests to the Gemini neural network, attempting to copy its capabilities using the knowledge distillation method. This is not simply a hacking attempt — it's a new approach where competitors can create functionally identical systems by spending only a fraction of the billions that Google and its competitors have invested in AI development. The incident exposed a critical vulnerability in the architecture of modern AI services and forced the industry to seriously reconsider its protection strategy.

Knowledge distillation is a legitimate machine learning method in which a compact model is trained to reproduce the logic of a more powerful system. Typically, this is done for optimization: instead of users working with a massive model that requires powerful hardware, a company deploys a lighter version that delivers nearly the same results but runs faster and cheaper. However, in the hands of malicious actors, this same methodology becomes a weapon. They systematically requested various types of tasks from Gemini, collected the responses, and then used this data to train their own model that mimics Google's behavior. Essentially, they paid for basic API access to get for free what took Google years and billions of dollars to create.

The scale of the attack at one hundred thousand requests is not spontaneous attempts. This is a coordinated, methodical operation that demonstrates that someone was seriously preparing for such an act. The goal was clear: not simply to gain access to the model, but to create its functional equivalent, which could be sold, transferred, or used for competitive purposes. The fact that Google was able to detect this through request patterns shows that such attacks leave digital traces, but also suggests the possibility of many undetected attempts by more cautious attackers.

The problem extends far beyond a single incident. In an era when the primary value of AI companies becomes API access, a protection system based on simple limits and rate restrictions proves insufficient. Google could raise API prices, implement stricter usage restrictions, require user verification, or introduce dynamic limits based on usage patterns. However, each of these solutions creates a trade-off between security and accessibility for legitimate users. The stricter the restrictions, the higher the barrier to entry for startups and developers who want to integrate Gemini into their products.

The incident also inflames longstanding disputes about protecting AI models as intellectual property. If you question a system and analyze its responses, do you violate the company's rights? The legal system has not yet provided a clear answer. Distillation exists in a gray area: it does not require access to source code or model parameters, only to its outputs, which are formally available to everyone. This makes it almost impossible to fully prevent at the licensing level.

Faced with this reality, Google and other AI industry leaders inevitably transition to more invasive control methods. This involves monitoring user behavior, analyzing request patterns, and blocking suspicious activity in real time. This improves security but creates an additional layer of surveillance over who and how uses the technology. The industry is moving in a direction where full access will require not just a payment account, but also a verified identity and usage history. The Gemini incident is a warning that the golden age of relatively open API access is slowly but steadily coming to an end.