A year-long joint investigation by The Associated Press and PBS FRONTLINE has uncovered a sprawling, industrialized global fraud ecosystem operating out of unregulated scam compounds in Myanmar, powered largely by widely available artificial intelligence models and digital infrastructure from major United States technology companies. The investigation, which draws on tens of thousands of leaked internal scam center records, satellite imagery, network data analysis, and interviews with more than 50 scam victims and 36 current and former scammers from 19 countries, details how American tech tools have enabled transnational criminal networks to scale fraud to unprecedented levels, bilking victims out of hundreds of billions of dollars annually while exploiting a lack of U.S. regulatory pressure to force action.
One of the most chilling firsthand accounts of this system comes from Safeer Mohammed Koorimannil, a young Indian man who was trafficked into a U.S.-sanctioned Myanmar scam compound after being lured by a fake tourism job advertisement. Held against his will alongside hundreds of other trapped workers, Koorimannil was forced to impersonate a 28-year-old Singaporean woman named “Ella” to run romance scams, with a strict mandate: convince each target to fall in love within four days. On a typical work shift, he managed more than 100 active conversations across dozens of fake profiles simultaneously, while armed supervisors patrolled the rows of desks carrying electric batons to punish workers who failed to meet strict performance quotas. In just one month, Koorimannil and his team targeted roughly 50,000 potential victims across at least 17 countries, a scale of outreach that would have been impossible without AI-powered tools built on models from leading U.S. tech firms. Victims targeted in these schemes spanned every continent and walk of life: a widowed tailor in Kurdistan, a pastry chef in Turkey, a sheep farmer in Kyrgyzstan, active-duty soldiers in Iraq, a Russian engineer, a German building painter, an Argentine port officer, an Indonesian student, a Polish security guard, and a Georgian dairy farmer, among countless others. Records smuggled out of the compound by Koorimannil confirm the full scope of the operation.
The investigation, conducted with analytical support from Washington-based global security nonprofit C4ADS, found that two popular scam management tools—Kongtian Intelligent Customer Acquisition (KT) and Global Social Traffic Navigation (007TG)—are built on top of leading U.S. AI models, primarily OpenAI’s ChatGPT and Google’s Gemini. These tools enable scammers to automate core parts of the fraud process: generating convincing, natural-sounding chat responses, creating fully realized fake profiles and backstories for scammers to impersonate, and providing real-time translation across more than 100 languages to target victims across the globe. The platforms also automatically track worker productivity, making it easier for scam bosses to identify and punish underperformers. Blockchain analysis conducted by crypto analytics firm TRM Labs for the investigation found that developers of these scam tools have earned tens of millions of dollars in illicit revenue, while the scammers who use them have raked in well over $75 million in victim payments in just over a year. A single crypto wallet linked to 007TG received more than $860,000 in payments from known scam networks between April 2024 and December 2025, according to the analysis.
Trapped workers like Koorimannil face brutal violence for falling short of quotas. Photographs taken after one beating show his body covered in red, swollen lash marks, and he recalled that his hands would shake uncontrollably whenever supervisors approached his workstation. After months of captivity, Koorimannil and a friend paid a 500,000 Indian rupee (roughly $5,300) ransom per person to secure their release, escaping back to his home in southern India where he now shares his story to warn others.
Beyond AI models, the investigation found that U.S. companies provide the foundational digital infrastructure that allows these scam operations to function at all. An analysis of 202,013 device connections from four major Myanmar scam compounds linked to U.S.-sanctioned entities, conducted with data from anti-trafficking nonprofit International Justice Mission, found that one in five connection signals from these sites are routed through U.S.-registered internet service providers and cloud hosts, including Cogent Communications, AT&T, DigitalOcean, and Oracle. No other non-regional country comes close to this volume of scam traffic.
The investigation also confirmed that Elon Musk’s Starlink satellite internet service, operated by SpaceX, has become the top internet provider in Myanmar, and remains the service of choice for scam compounds even after multiple publicized crackdowns and U.S. government pressure. Satellite imagery shows that at least 25 new large-scale scam compounds have been built in remote areas of Myanmar since a high-profile crackdown along the Thai border in fall 2025, and analysis of geolocated device data found that scammers at 13 of these new outposts were actively using Starlink IP addresses to connect to the internet between March and May 2026. After Starlink cut service to more than 2,500 terminals near scam compounds in October 2025, its market share dropped from 15% to 6.5%, but rebounded rapidly by the end of the year. Today, Starlink holds nearly 20% of Myanmar’s internet market, making it the country’s largest provider—despite the company’s public map claiming it does not offer service in Myanmar at all.
Accounts from former scam workers lay bare the human cost of this unregulated access. Ebisa, an Ethiopian engineer who was trafficked to the Deko Park scam compound and forced to target wealthy older men, endured constant abuse for failing to meet impossible quotas. When he tried to escape, security guards beat him so severely he lost vision in one eye; he recently learned that the damage is irreversible. Another trafficked worker, Nigerian Obinna Okeadu, died after a brutal punishment beating for poor performance at Deko Park in 2025, according to accounts from his co-workers and family.
For victims in the United States and around the world, the impact of these scams is life-altering. Chris Colocousis, a 60-something divorced man from Massachusetts, lost $400,000 of his life savings to a romance scam run out of Myanmar, after a scammer using the name “Eliza” built a fake relationship and convinced him to invest all his retirement savings into a fraudulent crypto platform. “You just feel like your whole world fell apart,” Colocousis said. “I’m thinking about all this time that I invested into reaching a point where I could retire at a certain age—and it’s just gone.”
Cybersecurity and policy experts agree that while U.S. tech companies have the technical capacity to curb this abuse, they lack sufficient legal, regulatory, and financial incentives to take meaningful proactive action. The U.S. Federal Trade Commission estimates that consumer losses from global scams will reach nearly $200 billion in 2024, with most originating from Southeast Asian transnational criminal networks. “If there’s no disincentive to continuing this, if there’s no cost to actually facilitating scamming, then why would I spend a dollar to prevent scamming?” said Sascha Meinrath, Palmer Chair in Telecommunications at Penn State University. “This is the problem. It’s identifiable, it’s addressable—at least somewhat—but it costs something. And right now the cost of facilitating scamming is zero.”
While the United Kingdom, European Union, Australia, and Singapore have already enacted new regulations that impose financial penalties on tech companies that fail to prevent scam abuse, U.S. policymakers have only relied on voluntary cooperation from tech firms to date. The U.S. Attorney’s Office for the District of Columbia launched the Scam Center Strike Force in November 2025 to target transnational scam networks, and a four-day disruption operation in May 2026 worked with major tech firms to take down more than 1.4 million fraudulent accounts and seize illicit infrastructure. “We will not allow criminal organizations to weaponize our own infrastructure against us or devastate the life savings of hardworking families,” U.S. Attorney Jeanine Pirro told AP in a statement. “Our message is clear: we will find you, we will stop you, and we will protect the American people.”
In responses to the investigation’s findings, major tech companies have acknowledged the issue and taken limited targeted action. OpenAI said it has robust proactive detection systems that identify 95% of scam abuse and remove 100,000 scam-linked accounts each month, and after reviewing AP’s data, the company banned three accounts linked to Myanmar scam networks. OpenAI also noted that its model is used three times more often to help users identify and avoid scams than it is abused by scammers, and has partnered with the Global Anti-Scam Alliance to launch a public scam detection resource at scam.org. Google said it is committed to responsible AI development and builds safety guardrails into Gemini to block scam-promoting content. Oracle said it is “diligently working with law enforcement” on the issue, while AT&T has implemented new policy changes to close a loophole that allowed scammers to hide their traffic by routing it through AT&T’s network identity. Finland-based UpCloud, which operates U.S.-based servers, launched an internal review after receiving AP’s findings and updated its risk assessment processes. Starlink declined to respond to detailed requests for comment, but has publicly stated it has “zero tolerance” for illegal use of its service and proactively disables terminals linked to criminal activity.
Cybersecurity advocates argue that U.S. regulation needs to be updated to force proactive action, comparing the responsibility of tech companies to prevent scam abuse to the responsibility of water utilities to provide clean drinking water. “This has to be like clean water,” said Matthew Moynahan, CEO of cybersecurity firm GetReal Security. “Anything coming out of the tap for an end user, whether that tap is a PC, a browser somewhere, or your mobile phone, dirty water shouldn’t get to you. This is what this is.”
As AI capabilities continue to advance, experts warn that fully automated scams run entirely by AI agents—with no human scammer required—are just over the horizon. “We’re moving towards a world where maybe you don’t need human scammers anymore,” said Ari Redbord, global head of policy at TRM Labs. “All you need is hundreds, thousands, millions of agentic agents who don’t need to sleep, don’t need to eat, who are 24/7 doing this.”