Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing

thehackernews.com | 2026-06-13 | malicious AI use | Critical

What Happened

Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans. The network is said to be behind the development and management of a phishing-as-a-service (PhaaS) software kit called Outsider, per the tech giant. "The operation weaponized Gemini to help

Why It Matters

According to Google’s lawsuit, a China-based cybercrime group known as Outsider Enterprise used AI tools, including Google’s Gemini, to generate phishing website code and spam messages as part of a large-scale phishing-as-a-service operation, creating thousands of fake sites and over a million fraudulent URLs targeting U.S. users.[1][2][3] Reports state the group also sent millions of smishing texts with malicious links to steal personal information from hundreds of thousands of victims.[3]

From a CyberSE.AI perspective, this illustrates how general-purpose AI agents can be systematically weaponized to industrialize phishing and smishing campaigns, lowering the technical bar for abuse and increasing operational scale. Organizations should respond by continuously red-teaming AI-supported attack scenarios, hardening their own AI agent designs against misuse, and enforcing clear internal policies on AI-assisted code and content generation to detect and mitigate similar AI-powered phishing ecosystems.

Healthcare | Fintech | SaaS | SMB | AI startups

CyberSE Analysis

This signal maps to malicious AI use. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://thehackernews.com/2026/06/google-sues-chinese-smishing-network.html