
Google’s AI search results recommend malicious websites

Ray Fernandez

Mar 29, 2024. 5 min read


Since the early days of the generative AI revolution, big tech companies have tried to integrate the new technology into their search engines. GenAI promises to transform the way we search for information, help us make sense of results, and digest vast amounts of information into a concise answer.

In theory, AI-powered web search is a win for everyone, but in practice it is failing at the most basic task: pointing users to trustworthy pages. New findings show that GenAI search results can be gamed by cybercriminals who understand the ranking algorithms well enough to push phishing sites, scam pages, and other malware-linked content into the AI's top recommendations.

Google AI-powered SGE directs users to malicious sites 

The history of search generative experience (SGE) began in 2023 when Google announced a new era of Search: one powered by GenAI. The project, later to be known as SGE, expanded to more than 120 countries and territories by November 2023.

On March 22, SEO consultant Lily Ray first discovered that Google’s SGE was recommending spam, phishing, and malicious websites as top results in AI-style conversational responses after a Google search. 

Malvertising and SEO poisoning spilling into AI search engines

Google has said that it holds SGE to even higher standards than classic Search when it comes to generating responses and surfacing quality information. However, SGE was built on top of the existing security, privacy, and ranking fundamentals of Google Search. Those fundamentals are exactly what SEO poisoning and malvertising campaigns already exploit.

A screenshot of Search Labs AI experiment where SGE can be accessed and tested.

As Moonlock reported in February, Google Search has become a tool for spreading malware. Security researchers have shown that cybercriminals manipulate Google Ads policies and SEO guidelines to bypass guardrails and run malicious ads on the platform, luring victims to malicious sites or malware downloads.

Because SGE is built on Google Search and inherits its ranking, SEO, and security policies, which are already being gamed, it follows that SGE's recommendations inherit the same weaknesses rather than fixing them.

The SGE AI search experience is still not available in every country, and even for users in supported countries, the feature may not be visible yet. SGE can be enabled by clicking the Google Labs icon in the upper left of a signed-in Google account.

To access Search Labs, click its icon on the upper left in your Google Account. Google is a trademark of Google LLC. Image: Screenshot.

User tests, research, and analysis of SGE performance

Days after SEO consultant Lily Ray made public that SGE was pushing malicious sites in its recommendations, the news spread rapidly throughout the tech media.

Bleeping Computer then put SGE to the test to find out just how dangerous the sites recommended by this new AI-powered Google feature are.

After analyzing the SGE results, Bleeping Computer concluded that the recommended sites bore the marks of SEO poisoning campaigns and that clicking them sent users through a chain of redirects before they landed on a scam page.

They also found that clicking SGE results frequently led to fake CAPTCHAs and fake YouTube pages, pop-ups, prompts to allow browser push notifications, spam sites, fake giveaways, unwanted browser extensions known to hijack search settings, and other potentially unwanted programs.

What we found: SGE promotes poor-quality and suspicious sites 

To corroborate these results, Moonlock also accessed Google's SGE to test the AI technology. We attempted to replicate the prompts that caused SGE to send the SEO consultant and Bleeping Computer to malicious sites. While we got cleaner results, the quality of the links was surprisingly low.

Moonlock also tested different kinds of keywords associated with malware, fraud, and scams. We found strange redirects leading nowhere or to suspicious sites, prompts urging us to allow push notifications, information-gathering sites, and other unwanted content.

The malicious websites that SGE recommends are definitely a serious issue. However, what shocked us during our test was that SGE consistently suggested extremely low-quality sites.

The majority of results and websites that SGE recommended during our test were not trusted media, known sources, or content from authorities. Instead, SGE recommended random blogs, unknown companies, e-commerce sites, and other questionable sources.

A screenshot of SGE results showing extremely low-quality website recommendations. Google is a trademark of Google LLC.

It is evident that the techniques cybercriminals use to manipulate Google Search carry over directly into SGE.

It is no secret that search engine companies are under pressure to rid their results of malicious ads and links. That makes it all the more striking that SGE, a technology presented as the future of AI web search, repeats the same failures.

A screenshot of a strange site that SGE recommended during our test. This result led us on a long series of redirects. Google is a trademark of Google LLC.

How can users stay safe with AI search engines?

The recent discovery of AI search engines recommending malicious websites highlights the need for user vigilance. Here’s what you can do to stay safe.

Critical thinking is key 

Don’t blindly trust AI-generated results. Treat them as suggestions, not definitive answers. Look for established sources and reputable websites, especially when dealing with sensitive topics like finance or health.

Beware of redirects and pop-ups

Phishing sites often rely on redirects and deceptive pop-ups to trick users. Be wary of links that seem suspicious, and leave any site that bombards you with pop-ups or asks you to "allow notifications" or "click Allow to continue" before showing content.

Scrutinize results 

Pay attention to website URLs. Legitimate sites typically use URLs that clearly identify the organization, and the part that matters is the registrable domain (the last two labels, such as example.com), not a brand name stuffed into a subdomain or path. Avoid clicking on links with nonsensical strings of characters or unusual domain extensions.
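The redirect chains described in the Bleeping Computer findings above, and the two tips on redirects and URL scrutiny, can be turned into a small automated check. The following is an added example written for this article, not code from Moonlock, Google, or Bleeping Computer. It runs entirely offline against a constructed fixture that stands in for a poisoned result (every URL, domain, and the "risky TLD" list are assumptions for illustration), follows HTTP `Location` and `<meta refresh>` hops, and flags the hops that show the traits a practitioner looks for: plain HTTP, random-looking hostnames, brand names outside the registrable domain, and many distinct domains in a short chain.

```python
"""Trace a redirect chain offline and score each hop for signs of SEO poisoning (added example)."""
import re
from urllib.parse import urlparse, urljoin

# Constructed fixture (assumption, not real sites): url -> (status, headers, body).
# Models a poisoned "recipe" result that bounces through a tracker to a fake YouTube page.
FAKE_WEB = {
    "https://recipes-blog.example/best-ideas": (301, {"Location": "https://trk-7f3a.example/go?id=19"}, ""),
    "https://trk-7f3a.example/go?id=19": (302, {"Location": "http://m1b9z2q8x.example.top/land.php"}, ""),
    "http://m1b9z2q8x.example.top/land.php": (
        200, {}, '<meta http-equiv="refresh" content="0;url=https://youtube-com.example.top/verify">'),
    "https://youtube-com.example.top/verify": (200, {}, "<html>Click Allow to continue</html>"),
    "https://www.example.org/": (200, {}, "<html>hello</html>"),
}

def fake_fetch(url):
    """Stand-in for an HTTP client; unknown URLs behave like a 404."""
    return FAKE_WEB.get(url, (404, {}, ""))

META_REFRESH = re.compile(r'http-equiv=["\']refresh["\'][^>]*url=([^"\'>\s]+)', re.I)

def next_hop(url, status, headers, body):
    """Return the next URL if this response redirects (3xx Location or meta refresh), else None."""
    if 300 <= status < 400 and "Location" in headers:
        return urljoin(url, headers["Location"])
    m = META_REFRESH.search(body)
    return urljoin(url, m.group(1)) if m else None

def registrable(host):
    """Naive registrable domain: last two labels. Real code should use the public suffix list."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host

def follow_redirects(start, fetch=fake_fetch, max_hops=10):
    """Follow redirects from start, returning every URL visited; stops on loops or max_hops."""
    chain, seen, url = [start], {start}, start
    for _ in range(max_hops):
        status, headers, body = fetch(url)
        nxt = next_hop(url, status, headers, body)
        if nxt is None:
            break
        chain.append(nxt)
        if nxt in seen:            # redirect loop: record it and stop
            break
        seen.add(nxt)
        url = nxt
    return chain

RISKY_TLDS = {"top", "xyz", "click", "icu"}          # assumption: TLDs common in our spam samples
BRANDS = ("youtube", "google", "paypal", "microsoft")  # brands commonly imitated in lookalike hosts

def url_flags(url):
    """Heuristic red flags for a single URL, mirroring the manual checks in the tips above."""
    p = urlparse(url)
    host = p.hostname or ""
    labels = host.split(".")
    flags = []
    if p.scheme == "http":
        flags.append("plain-http")
    if any(lbl.startswith("xn--") for lbl in labels):
        flags.append("punycode-label")
    if labels[-1] in RISKY_TLDS:
        flags.append("risky-tld")
    first = labels[0]
    if len(first) >= 8 and sum(c.isdigit() for c in first) / len(first) > 0.3:
        flags.append("random-looking-label")
    reg = registrable(host)
    for brand in BRANDS:
        # brand appears in the host but is not the registrable domain itself -> lookalike
        if brand in host and not reg.startswith(brand + "."):
            flags.append(f"brand-lookalike:{brand}")
    return flags

def assess_chain(chain):
    """Summarize a redirect chain: hop count, distinct registrable domains, per-hop flags."""
    domains = {registrable(urlparse(u).hostname or "") for u in chain}
    per_hop = {u: url_flags(u) for u in chain}
    hops = len(chain) - 1
    suspicious = hops >= 2 and (len(domains) >= 3 or any(per_hop.values()))
    return {"hops": hops, "domains": len(domains), "per_hop": per_hop, "suspicious": suspicious}

if __name__ == "__main__":
    for start in ("https://recipes-blog.example/best-ideas", "https://www.example.org/"):
        result = assess_chain(follow_redirects(start))
        print(start, "->", "SUSPICIOUS" if result["suspicious"] else "ok", result["hops"], "hops")
        for u, flags in result["per_hop"].items():
            print("   ", u, flags)
```

In a real check, replace `fake_fetch` with a client that does not auto-follow redirects (for example `requests.get(url, allow_redirects=False)`) and swap the naive `registrable` for a public-suffix-list lookup, since "example.co.uk" style domains break the two-label rule. The thresholds are deliberately simple; the point is that a redirect chain crossing three domains and ending on a brand lookalike host is a strong signal regardless of how the first link looked in the AI summary.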

Practice safe browsing habits

Use a reputable security suite with antimalware protection. Keep your browser and operating system up to date, as updates often include security patches.

Final thoughts

Once again, users must take control of their own safety and privacy. With malvertising on the rise as a popular social engineering technique, cybercriminals have the upper hand when it comes to search engine ads and results.

It is up to users to steer clear of the bad apples in Google Search results, because neither Google Ads nor Google SGE seems to have a grip on this criminal trend.

This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Google LLC. Google, Google Ads, and Google SGE are trademarks of Google LLC.

Ray Fernandez
Ray has been covering tech and cybersecurity for over 15 years. His work has appeared on TechRepublic, VentureBeat, Forbes, Entrepreneur, and the Microsoft Blog, among others.