An AP and FRONTLINE investigation finds that ChatGPT, Gemini, and four named U.S. carriers handle much of the traffic and tooling for industrial scale online fraud at forced labor compounds in Myanmar.
When investigators traced more than 200,000 device connections from four Myanmar scam compounds, forced-labor sites where trafficked workers run industrial online fraud, about one in five signals flowed through a U.S.-registered carrier. The carriers identified by the investigation included Cogent Communications, Oracle, AT&T, and DigitalOcean. The AI models generating the scripts and personas were ChatGPT and Gemini.
That is the supply chain an Associated Press and FRONTLINE investigation published June 29 has now mapped, and it runs substantially through American infrastructure.
The dollar weight on the other end is heavy. The Federal Trade Commission estimated U.S. consumers lost nearly $200 billion to fraud in 2024, combining reported losses with statistical underreporting. Reported losses alone reached $12.5 billion that year. A Detroit Free Press column cites a record $15.9 billion in reported consumer fraud losses for 2025. TRM Labs, a blockchain analytics firm, traced tens of millions of dollars to wallets associated with scam-tool purchasers.
How the fraud actually runs
The compounds operate at a scale that would be impossible without modern tooling. C4ADS, a security nonprofit, analyzed two scam-software suites and found OpenAI's ChatGPT played the most prominent role, with Google's Gemini also embedded. The tooling enables cross-language replies, persona generation, and employee performance tracking. In one month, a single trafficked worker, Safeer Mohammed Koorimannil, impersonated a fictional 28-year-old Singaporean named "Ella" and targeted roughly 50,000 victims across 17 countries.
AP's methodology combined tens of thousands of leaked files, videos, and photos with on-the-ground interviews: 58 victims and three dozen current or former scammers from 19 countries. Researchers then analyzed 202,013 device connections at four compounds linked to U.S.-sanctioned entities, data sourced from the International Justice Mission. Within that dataset, the U.S.-carrier share was one in five.
Why upstream, not the inbox
Public attention to online fraud usually lands on the social-media ad or the phishing email the victim sees. That is the surface. The supply chain sits several layers farther back: AI models generating script and persona at scale, backbone carriers carrying the traffic, and satellite internet such as Starlink letting compounds reappear after internet crackdowns. Without the upstream stack, the downstream scam operation cannot run at industrial scale across dozens of languages.
That layering is what sharpens the accountability question. AP reports it found no evidence the named U.S. companies were doing anything illegal. The question raised by the investigation concerns enforcement of the companies' own terms of service that prohibit fraud, not criminal conduct.
What the companies say
OpenAI and Google told AP they run programs to disrupt scammer abuse. OpenAI said it banned three accounts after AP shared information. The named carriers and AI vendors, including OpenAI, Google, Cogent, Oracle, AT&T, and DigitalOcean, did not concede wrongdoing. Their responses are best read as company positions rather than independent validation.
The open question
The investigation documents capacity: the named U.S. companies have the technical means to identify and disrupt the traffic and tooling the compounds rely on. It does not document legal obligation, regulatory mandate, or commercial incentive to act at scale. AP, the FTC, and the carriers all agree the activity is prohibited by the platforms' own rules.
What is missing, and what the data leaves on the table, is the lever: whether the missing piece is a law, a regulator, a procurement policy, a banking correspondent pressure point, or a contractual obligation among peers.