Chrome is using Gemini Nano AI to detect phishing

Google is using artificial intelligence , Gemini Nano, to fight online fraud more effectively. AI is changing the way Chrome browsers, Android devices, and Google Search detect and block fraudulent activity in real time.

The new approach is more advanced than previous techniques, protecting users from new threats and keeping up with scammers' ever-evolving tactics. This isn't new; Google has been using AI to fight online scams for years. The company's Search Anti-Fraud Report claims it blocks hundreds of millions of fake search results every day.

Recent improvements, however, have made the system much more robust. This is thanks to improvements in Google's AI-powered phishing detection. According to the Chromium Blog, the company now identifies and blocks 20 times more phishing sites in Search. This means a much safer experience for millions of users, helping them steer clear of sites designed to steal their money or personal information.

The system works particularly well in certain areas. For example, Google has seen a huge increase in scams where criminals pose as airline customer service representatives or even Google employees. Using AI, Google has cut these scams in Search by more than 80%, preventing many people from falling for them.

Chrome now uses Gemini Nano to add an extra layer of protection, especially in Enhanced Protection mode. The LLM on the device acts like a rapid response system, instantly checking website content for signs of malicious activity. If a user visits a suspicious site, certain triggers (like using the keyboard lock API to prevent the user from closing a phishing window) alert Gemini Nano. LLM then examines the content of the site, looking for security signals that indicate the site's true purpose.

This may include warning pop-ups or full-screen windows, which are common in tech support scams. The information is sent to Google Safe Browsing for a final determination. If Safe Browsing identifies the threat, a warning message prevents the user from interacting with the dangerous site.

This on-device approach has major benefits. Speed ​​is key, as many phishing sites are active for very short periods of time, often less than 10 minutes. Gemini Nano's real-time analysis allows Google to detect and block these fast-moving threats before they can cause widespread harm, bypassing the limits of traditional scanning methods. Additionally, the on-device system provides a unique view by analyzing how the site appears to real users.

This is important because scammers often design their sites to fool Google's automated crawlers. They show different content to actual users than the systems detect.

Chrome on Android now also has AI-powered warnings for suspicious or spam notifications. This ensures that notifications that are flagged as harmful are actually risky without exposing user data. When a notification is flagged, users will see a clear warning, allowing them to unsubscribe from a site or view potentially dangerous content.

LLM operates locally on the device, keeping sensitive data secure. Resource usage is carefully managed through optimizations, including asynchronous processing to avoid interruptions and controls to limit GPU usage . LLM only sends summary security signals to Safe Browsing for users with Enhanced Protection enabled, but even users with Standard Protection benefit.

This is great for everyone involved because you still get protection without having to register. However, the best security measures are to be careful and think twice before clicking on a link, listening to a caller, or downloading a file.

Jessica Tanner

Update 26 May 2025