Google filed a civil lawsuit in Manhattan federal court on June 12 against a China-based cybercrime network it calls the Outsider Enterprise, accusing the group of using Gemini and other AI tools to mass-produce phishing sites. The company says it's the first time it has gone to court specifically over misuse of its own AI model.
What Google actually alleges
The complaint describes a subscription product. For $88 a week or $200 a month, anyone could buy the Outsider kit and start cloning trusted brands, no coding required. Google says members fed Gemini prompts dressed up as innocent programming requests, asking it to build a "gift redemption page" with inline CSS and no JavaScript, then pasted the output into the kit's template editor. The result, per the company blog, was near-perfect replicas of Google, YouTube, the US Postal Service, and the E-ZPass toll system.
The framing here matters. Google's own post is careful, and a few outlets noticed that the post itself never quite says the scammers used Gemini, leaving the specifics to the complaint. The legal action leans on the harder claim.
The numbers, and what to make of them
Between November 2025 and April 2026, Google says it detected more than 1.59 million URLs tied to the operation. In a two-week stretch in May, Android users flagged 55,000 spam texts, roughly two a minute, while the network pushed out 2.5 million messages carrying links to Outsider-built sites. Across the whole operation Google counts over 9,000 fake websites and more than a million fraudulent URLs.
Treat the message count with some care. The 2.5 million figure covers messages Google detected as linking to apparent Outsider sites, not confirmed deliveries to victims, and the company puts total losses only at "millions of dollars" across "hundreds of thousands" of people. That's a wide range, and Google isn't putting a hard damages number on the table. The FBI's parallel estimate is far larger: about 3.87 million stolen credit cards and $1.9 billion in losses since July 2023, though that covers a much longer window than Google's own counts.
Not going it alone
Google is pursuing the case alongside the FBI, which is running its own enforcement actions, and is working with AT&T, T-Mobile, and Verizon to block the texts before they land. The legal claims span trademark infringement, RICO violations, and misuse of Google Cloud and Drive. The defendants are listed as Does 1 through 25, meaning Google doesn't know who they are yet.
This is Google's second swing at a China-based text-scam network in roughly seven months. The November 2025 Lighthouse case followed nearly the same script, and Google said a temporary restraining order shut that operation down within hours. The new wrinkle is the AI angle, which is really the whole point of the filing: a precedent for treating generative AI as part of the fraud supply chain.
Google is also backing seven bipartisan anti-scam bills in Congress, including the Stop SCAMS Act pushed by Representatives Brian Fitzpatrick and Josh Harder. Whether the courts grant the injunctive relief Google wants, fast domain blocking and account freezes, is the thing to watch. Lighthouse folded quickly under a TRO; the same outcome here would tell you how repeatable this playbook is.




