Google filed a lawsuit on June 12 against a China-based cybercrime organization called “Outsider Enterprise” that allegedly weaponized Gemini AI to run large-scale financial scams targeting hundreds of thousands of Americans. The lawsuit marks one of the first major legal actions by a major AI company against third parties who abused its AI systems for criminal financial operations.
According to Google, the network used Gemini to create fake websites impersonating Google, YouTube, the US Postal Service, and New York’s E-ZPass toll payment service. The fake sites funneled victims into financial scams that caused losses estimated in the millions of dollars. The scale of the operation was significant: the network built over 9,000 fake websites, generated more than one million fraudulent URLs, and sent 2.5 million messages to Android users containing links to those fake sites in a single two-week period in May 2026. Android users flagged 55,000 spam texts in that same two-week window, more than two complaints per minute.
Google is not acting alone. The company is coordinating with major US wireless carriers and the FBI to shut down the network’s infrastructure, including blocking fraudulent texts before they reach customers. The legal action aims to establish court-ordered precedent allowing Google to permanently dismantle the group’s technical infrastructure and prevent similar operations.
Beyond the lawsuit, Google published a statement calling for stronger laws better suited to the AI era, arguing that existing legal frameworks do not adequately address AI-enabled fraud at this scale. The company urged legislators to update statutes covering impersonation, fraud, and platform abuse to account for the speed and volume that AI tools enable.
The case illustrates a persistent challenge for AI developers: the same capabilities that make models useful for productivity and creativity make them equally powerful tools for bad actors who bypass terms of service to scale fraud, phishing, and impersonation operations.
