Google sued the people spamming your phone
Summary
Google sued Outsider Enterprise, a China-based cybercrime network, for using its Gemini AI to generate phishing websites and send 2.5 million scam texts to Android users in two weeks in May. This operation, which also sold a phishing toolkit for \$88/week on Telegram, is estimated to have caused \$1.9 billion in losses and stolen 3.87 million credit card numbers since July 2023. Concurrently, Apple's iOS 27 developer beta revealed a hidden feature allowing users to swap Siri's AI for ChatGPT, Claude, or Gemini, leading OpenAI to reportedly consider legal action over a potential breach of contract. This feature is also blocked in the EU due to Digital Markets Act negotiations. Other AI news includes the first confirmed battlefield deaths by autonomous drones in Ukraine and Meta's temporary deployment and subsequent deletion of military-grade facial recognition software in its AI app.
Key takeaway
Software developers building AI-powered applications must prioritize security from the outset. Recognize that AI can rapidly scale both legitimate functions and malicious exploits, as demonstrated by the Gemini-powered phishing operation. Implement AI-assisted pre-launch security reviews to identify vulnerabilities like exposed API keys or missing rate limits. Treat "it works" and "it is safe to ship" as distinct validation steps to protect your users and infrastructure.
Key insights
AI tools, while powerful, are dual-use, enabling both innovation and sophisticated cybercrime, necessitating robust security and ethical oversight.
Principles
- AI tools can accelerate malicious activities.
- Human oversight is crucial for AI agents.
- Security must be designed into AI applications.
Method
Instruct the main AI agent (e.g., Codex) to define its own "/goal" and sub-agent goals, then human-review and refine these goals before execution to ensure alignment and prevent drift.
In practice
- Use AI to draft agent goals.
- Review AI-generated security checks.
- Implement server-side validation.
Topics
- AI Cybercrime
- Phishing Attacks
- Large Language Models
- AI Agent Security
- Siri AI Integration
- Autonomous Weapons
Best for: CTO, VP of Engineering/Data, Director of AI/ML, General Interest, Software Engineer, AI Student
Editorial summary, takeaway, and curation by AIssential. Original article published by The Neuron.