AI-Powered Fuzzing Uncovers Critical Google API Flaws, Nets Researcher $500K in Bounties
In a groundbreaking three-month campaign, security researcher Arvin Shivram leveraged an AI-driven fuzzing framework to uncover critical access-control vulnerabilities across Google’s internal API infrastructure, earning $500,000 through the company’s Vulnerability Reward Program (VRP). The effort, which began after Shivram’s participation in bugSWAT Mexico in October 2025, demonstrated how AI, when paired with meticulous reconnaissance and human validation, can identify high-severity flaws at an unprecedented scale.
Shivram and collaborator Michael conducted extensive pre-testing reconnaissance, scraping over 60,000 Android APKs, intercepting API traffic across 2,800+ Google domains, and harvesting 3,600+ embedded API keys. They also brute-forced subdomains and analyzed certificate transparency logs to map 1,500+ live internal APIs, many hidden behind undocumented parameters like ?labels=GOOGLE_INTERNAL. A key breakthrough came when Michael reverse-engineered Google’s proprietary First Party Authentication (FPA) v2 system, exploiting leaked source maps to generate valid authorization headers and gain authenticated access to restricted endpoints.
The AI model, trained on Google’s machine-readable API specifications and refined over a month, was instructed to emulate a VRP researcher, probing endpoints with tools to test, report, and validate vulnerabilities. Early iterations produced excessive false positives, but after strict classification rules were introduced (for example, requiring a confirmed Insecure Direct Object Reference (IDOR) leak that exposed real user data before a finding counted), the AI’s accuracy surpassed 50%. Each reported bug included operation IDs and request/response pairs, streamlining verification via Shivram’s custom API Explorer UI.
Among the most severe findings was a Google Voice Account Takeover (ATO) vulnerability in gfibervoice-pa.googleapis.com, which allowed unauthenticated attackers to retrieve a victim’s phone number, Gmail recovery address, and call forwarding settings using only the victim’s Gaia ID. The flaw, rated P0/S0 (highest severity), was patched within hours, earning a $20,000 bounty. Other critical discoveries included an AdExchange ATO chain exposing publisher accounts and a sandbox environment with broken access controls, as well as a support.google.com CMS API leak revealing internal account manager assignments.
The campaign’s documented vulnerabilities, ranging from Critical to Medium severity, highlighted systemic access-control weaknesses across Google’s services. All reported flaws were confirmed fixed before disclosure, underscoring the efficacy of AI-assisted security research when paired with rigorous human oversight. The effort sets a new benchmark for automated vulnerability discovery, showing that large-scale API testing can uncover real-world flaws beyond what manual review alone reaches.
Source: https://gbhackers.com/researcher-hack-google-earns-500000-bug-bounty/
Google cybersecurity rating report: https://www.rankiteo.com/company/google
{
  "id": "GOO1781253053",
  "linkid": "google",
  "type": "Vulnerability",
  "date": "10/2025",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{
  "affected_entities": [
    {
      "industry": "Technology / Internet Services",
      "location": "Global",
      "name": "Google",
      "size": "Large Enterprise",
      "type": "Technology Company"
    }
  ],
  "attack_vector": "AI-driven fuzzing, reconnaissance, and reverse engineering",
  "data_breach": {
    "personally_identifiable_information": [
      "Phone numbers",
      "Gmail recovery addresses",
      "Gaia IDs"
    ],
    "sensitivity_of_data": "High",
    "type_of_data_compromised": [
      "Personally Identifiable Information (PII)",
      "Internal Account Data"
    ]
  },
  "description": "Security researcher Arvin Shivram leveraged an AI-driven fuzzing framework to uncover critical access-control vulnerabilities across Google’s internal API infrastructure, earning $500,000 through Google’s Vulnerability Reward Program (VRP). The campaign demonstrated how AI, paired with reconnaissance and human validation, can identify high-severity flaws at scale. Vulnerabilities included a Google Voice Account Takeover (ATO), AdExchange ATO chain, and a support.google.com CMS API leak.",
  "impact": {
    "brand_reputation_impact": "Moderate (public disclosure of vulnerabilities)",
    "data_compromised": "User phone numbers, Gmail recovery addresses, call forwarding settings, publisher account details, internal account manager assignments",
    "identity_theft_risk": "High (exposure of personally identifiable information)",
    "operational_impact": "Potential account takeovers, unauthorized access to internal systems",
    "systems_affected": [
      "Google Voice API (gfibervoice-pa.googleapis.com)",
      "AdExchange API",
      "support.google.com CMS API",
      "Google’s internal API infrastructure"
    ]
  },
  "initial_access_broker": {
    "high_value_targets": [
      "Google Voice API",
      "AdExchange API",
      "support.google.com CMS API"
    ],
    "reconnaissance_period": "Three months"
  },
  "investigation_status": "Completed (All vulnerabilities patched)",
  "lessons_learned": "AI-assisted security research can uncover high-severity vulnerabilities at scale when paired with human validation. Systemic access-control weaknesses in API infrastructure require rigorous testing and monitoring.",
  "motivation": "Bug Bounty Hunting / Security Research",
  "post_incident_analysis": {
    "corrective_actions": [
      "Patches applied to vulnerable APIs",
      "Enhanced authentication and authorization checks",
      "Improved API documentation and monitoring"
    ],
    "root_causes": [
      "Inadequate access controls in internal APIs",
      "Exposure of undocumented API parameters",
      "Leaked authentication mechanisms (FPA v2)"
    ]
  },
  "recommendations": [
    "Implement stricter access controls for internal APIs",
    "Enhance authentication mechanisms (e.g., FPA v2)",
    "Monitor and revoke exposed API keys proactively",
    "Adopt AI-driven fuzzing for continuous security testing",
    "Improve documentation and transparency of internal APIs"
  ],
  "references": [
    {"source": "Bug Bounty Disclosure"}
  ],
  "response": {
    "communication_strategy": "Public disclosure after fixes were confirmed",
    "containment_measures": "Patches applied to vulnerable APIs",
    "incident_response_plan_activated": "Yes (Google’s Vulnerability Reward Program)",
    "remediation_measures": "Fixed access-control flaws, revoked exposed API keys, and enhanced authentication mechanisms"
  },
  "threat_actor": "Arvin Shivram and Michael (Security Researchers)",
  "title": "AI-Powered Fuzzing Uncovers Critical Google API Flaws, Nets Researcher $500K in Bounties",
  "type": "API Vulnerability",
  "vulnerability_exploited": [
    "Insecure Direct Object Reference (IDOR)",
    "Broken Access Control",
    "First Party Authentication (FPA) v2 Exploitation"
  ]
}