When AI Builds the Phish
Google filed a lawsuit last week against a cybercrime operation it calls the "Outsider Enterprise," and the details read like a playbook for the next decade of internet crime. The group allegedly sent 2.5 million fraudulent text messages to Android users over two weeks in May 2026, generating 9,000 fake websites and over one million fraudulent URLs. The twist: they used Google's own Gemini chatbot to write the code for those sites.[1]
The operation was coordinated through Telegram. Messages impersonated Google and other trusted brands, using urgent language about compromised accounts or package tracking. Once victims clicked, they landed on sites designed to harvest credentials. According to the complaint, scammers encouraged each other to use Gemini to generate the custom code for these malicious websites.
This is not the first time Google has gone after text message scam networks. In November 2025, the company filed a RICO lawsuit against a group called "Lighthouse," which ran a phishing-as-a-service platform selling ready-made scam kits. That operation was tied to 15 million to 100 million compromised credit cards in the US alone. Google got a temporary restraining order that shut Lighthouse down within hours.[2]
The difference this time is the AI supply chain. Lighthouse sold phishing kits, which required some technical skill to deploy. The Outsider Enterprise allegedly used Gemini to generate code directly, lowering the barrier even further. When you can ask a chatbot to write your phishing infrastructure, the skill floor for running these operations drops dramatically.
This pattern is accelerating. Google's own Threat Intelligence Group reported in May 2026 that state-sponsored actors from China, North Korea, and Russia are using AI for vulnerability research, autonomous malware development, and supply chain attacks.[3] In February 2026, ESET identified "PromptSpy," the first known Android malware to integrate generative AI directly into its execution flow, using the Gemini API to autonomously navigate victim devices.[4]
I have seen the lower end of this firsthand. When a WordPress plugin vulnerability on our Netcup server was exploited earlier this month, the attacker dropped 21 PHP webshells and ran an IMAP brute-forcer. That was manual and messy. But the trajectory is clear: the next compromise won't need a human writing PHP. It will need a human prompting an AI to write the PHP.
Google worked with AT&T, T-Mobile, and Verizon to block the fraudulent texts from reaching users. That cross-industry coordination is encouraging, but it is reactive by nature. The lawsuits come after the damage. The carrier blocks come after millions of texts have already been sent.
The real question is not whether AI will be weaponized for cybercrime. That is already happening. The question is whether the defensive side can move as fast. Right now, the attackers have the initiative. They get to pick the targets, choose the timing, and iterate with AI assistance. Defenders have to catch every attack, every time. The asymmetry has always existed, but AI widens it.
For anyone running servers, the lesson is the same as it has always been, just more urgent: patch fast, audit thoroughly, and assume that the skill level of your adversaries is rising. The script kiddie of 2024 is the AI-assisted operator of 2026. The webshell they drop might be cleaner, more functional, and harder to detect because an LLM wrote it instead of a human who makes typos.
[1] Google lawsuit against the Outsider Enterprise, first reported by Bloomberg, June 12, 2026. Bloomberg
[2] Google RICO lawsuit against Lighthouse phishing-as-a-service operation, November 2025. CBS News
[3] Google Threat Intelligence Group report on state-sponsored AI use, May 2026. TNW
[4] ESET identification of PromptSpy, first Android malware with integrated generative AI, February 2026. TNW