Google’s Gemini AI Stops Malicious Ads at Scale — Inside the 2025 Ads Safety Results

Threat actors are increasingly using generative AI to create convincing, large-scale advertising scams, and traditional keyword filters have struggled to keep up. In response, Google integrated its Gemini AI models into its ad-safety systems, allowing the company to analyze vast behavioral and account signals in real time and block threats before they reach users. The change marks a notable shift from reactive moderation to proactive prevention, and Google’s 2025 Ads Safety Report shows the scale and impact of that shift.

Why keyword detection no longer suffices

Keyword-based filters catch obvious violations but fail against adaptable adversaries. Attackers can mask intent with innocuous phrasing, reworded copy, or rapidly rotated creative assets. Gemini addresses that gap by moving beyond surface text analysis to examine hundreds of billions of diverse signals — from account age and historical behavior to campaign-level patterns — to infer intent. That richer signal set helps the system detect sophisticated scams that try to hide behind benign-looking ads.

How Gemini determines malicious intent

Gemini’s models assess signals across multiple dimensions: account metadata, behavioral cues, creative consistency, and campaign relationships. By correlating these signals in real time, the system can identify anomalies that indicate coordinated or fraudulent activity. The models effectively learn patterns associated with scam campaigns — for example, networks of newly created accounts behaving similarly or sudden bursts of ad submissions tied to known fraud indicators — and act to stop those ads at submission rather than after they circulate.

Concrete results and scale of enforcement

The integration yielded dramatic enforcement numbers in 2025:

Over 8.3 billion malicious advertisements were blocked or removed globally.
24.9 million advertiser accounts were suspended for severe policy violations.
602 million ads tied specifically to fraudulent scam operations were intercepted.
4 million accounts directly associated with active scam campaigns were disabled.

Google also reports catching more than 99% of policy-violating ads before they reached users, reflecting the system’s ability to neutralize threats at the point of submission. In addition, most Responsive Search Ads were reviewed instantly by the end of 2025, and Google plans to extend instant review to other ad formats throughout the year.

Improving user reports and reducing false positives

Gemini didn’t just speed automated blocking — it scaled human review throughput as well. Google handled roughly four times as many user reports in 2025 compared to the previous year, enabling human experts to prioritize complex investigations. Importantly, the more nuanced analysis reduced collateral damage: the advanced models led to an 80% reduction in incorrect advertiser suspensions. Combined with a stricter advertiser verification program that validates identities up front, Google aims to remove harmful content while minimizing disruption to legitimate businesses.

What this means for advertisers and users

For users, the shift means fewer scammy ads and a safer browsing experience, as threats are actively intercepted before exposure. For advertisers, it signals the importance of transparent account practices and robust identity verification; legitimate advertisers who follow policies can expect fewer wrongful suspensions and more reliable ad delivery. For threat actors, the bar for success has been raised: automated, AI-driven defenses can now match scale with scale, spotting patterns that simple filters miss.

Looking ahead

Google’s deployment of Gemini is an example of applying large-scale AI defensively to secure an ecosystem under active attack. As adversaries continue to adopt generative tools, defenders will need similar advances in real-time analysis and verification. Expanding instant-review capabilities to more ad formats and sharpening identity verification are logical next steps. The 2025 results show progress, but the arms race between malicious actors and platform defenses is likely to continue — and innovation on both sides will shape the next phase of ad safety.