Google sues Chinese cybercrime group Outsider Enterprise over Gemini-AI-powered scams

The legal novelty here is not that Google sued a phishing ring — it did exactly that seven months ago. It is that, for the first time, Google has legally pursued bad actors specifically for misusing Gemini, its own flagship AI product ^[1]. That reframes the defendant from "criminals who happen to use the internet" to "criminals who weaponized a tool we built," and it puts Google in the unusual position of arguing that its own model became an instrument of mass fraud.

The mechanism Google describes is mundane in a way that makes it more alarming. According to the complaint, members of the Outsider Enterprise prompted Gemini to write the code for fake 'gift redemption' and brand-impersonation pages — counterfeit sites mimicking Google, YouTube, the U.S. Postal Service, and New York's E-ZPass toll system — and then loaded that generated code into a phishing platform ^[1]. No zero-day, no novel exploit: just a general-purpose model asked to produce a convincing login page, repeated at industrial scale. The AI did not break Google's safety guardrails so much as it collapsed the labor cost of building believable fakes, which is precisely the part of a phishing operation that used to require skill.

What turns a clever trick into a public-safety problem is the business model wrapped around it. Google describes Outsider Enterprise as a phishing-as-a-service operation coordinated through encrypted Telegram channels, where the people generating the fake pages are not necessarily the people sending the texts ^[4]. The group reportedly sold subscription access to more than 290 prebuilt phishing templates for fees as low as $88 per week ^[3].

That pricing is the whole story. At $88 a week, the operation is explicitly designed to recruit low-skill operators — affiliates who could never code a convincing spoof of a bank or toll authority themselves, but can now rent one. AI supplies the templates; the franchise model supplies the distribution. The result is a fraud supply chain where Gemini sits at the top as a force-multiplier and a long tail of subscribers handles the volume, which is why a single network could blanket Android users with millions of messages without any one participant needing real technical depth.

Google is not relying on the courtroom alone, and the structure of its response is a tell about how hard this is to actually stop. The civil suit, filed in the Southern District of New York, leans on the RICO statute and the Lanham Act — treating the network as a racketeering enterprise and its brand-impersonation as trademark infringement ^[3]. But a civil judgment against an anonymous, overseas, Telegram-coordinated network is a blunt instrument: you can win an injunction to seize infrastructure, but the operators sit outside U.S. jurisdiction. That is why Google paired the suit with FBI coordination, carrier-level message blocking from AT&T, T-Mobile, and Verizon, and public backing for seven bipartisan anti-scam bills ^[1].

The playbook is also a sequel. In November 2025, Google sued the China-based 'Lighthouse' smishing-as-a-service operation, which targeted more than a million users across 120-plus countries ^[5]. The Outsider suit escalates that template from generic text-scam claims to AI-abuse claims — a sign Google expects to be filing this kind of complaint repeatedly, and is building reusable legal and operational machinery to do it. Early public reaction has so far been muted and mostly carried by news reposts rather than organized debate, consistent with a story that broke the same day the suit was filed.

The figures Google put on the record are what make the case feel less like a one-off and more like an early reading of AI-accelerated fraud. In a single two-week window in May, the operation was linked to roughly 2.5 million scam-related messages sent to Android users ^[4], and users flagged about 55,000 spam texts in that same span — more than two complaints a minute ^[1]. Investigators tied the group to more than 9,000 fake websites and over a million fraudulent URLs ^[2].

Those numbers gain meaning against Google's defensive baseline: Android already intercepts on the order of 10 billion malicious messages every month ^[3]. In other words, a single network using a single consumer AI tool generated enough volume to register loudly even inside a system built to swallow billions of bad messages — which is the quietest, most quantitative argument in the entire complaint for why Google decided litigation was worth it.