VYPR research · Published Jun 11, 2026 · 1 source

Researcher Earns $500,000 Bug Bounty by Hacking Google Infrastructure with AI-Driven Fuzzing Pipeline

A security researcher known as brutecat used an AI-powered fuzzing pipeline to uncover over $500,000 in vulnerabilities across Google's internal APIs in under three months, exposing critical access-control flaws.

A security researcher known as brutecat has disclosed how an AI-driven fuzzing pipeline uncovered more than $500,000 in vulnerabilities across Google's infrastructure in under three months, exposing systemic access-control failures hidden inside roughly 1,500 APIs. The researcher began by targeting Google's discovery documents — machine-readable API specifications, similar to Swagger docs, that list all available endpoints, parameters, and methods. While these documents are publicly available for APIs like the YouTube Data API, many exist for internal Google APIs and require valid API keys to access.

Accessing most of them requires valid API keys, so the researcher and a collaborator, Michael Dalton, harvested credentials at scale. They scraped over 60,000 Android APKs, decrypted iOS binaries, and built a Chrome extension to intercept traffic across 2,800+ Google web domains, ultimately collecting around 3,600 keys. Because a single key often has multiple APIs enabled on its Google Cloud project, this trove unlocked broad reach. To stay within Google's program scope, the team filtered out non-Google keys using a Cloud Marketplace endpoint that resolves a project number to its owning domain.

They then bypassed the removal of the discovery paths, abused visibility labels such as GOOGLE_INTERNAL to reveal hidden endpoints, and reverse-engineered Google's proprietary First Party Authentication (FPA v2) after sourcemaps briefly leaked the relevant frontend library. With more than 1,500 discovery documents collected, including the hidden endpoints unlocked via the undocumented GOOGLE_INTERNAL labels, the researcher built a custom API Explorer that parses any discovery document client-side and executes authenticated requests.

With the infrastructure in place, the researcher integrated Claude AI as an automated pentesting engine. The AI was given a set of custom tools — probe_api, report_vulnerability, and confirm_testing_complete — to systematically test every endpoint for broken access controls and IDOR (Insecure Direct Object Reference) vulnerabilities. The system was refined over a month through iterative prompt engineering. Key improvements included group-based endpoint classification, multi-key probing that automatically sent the same request across all known API keys, and standardized parsing of cryptic Google API error messages into human-readable labels. Once these improvements were in place, the AI's vulnerability reporting accuracy exceeded 50%, making manual review fast and efficient.

Among the most severe findings was a complete lack of access controls on gfibervoice-pa.googleapis.com, a Google Voice and Google Fiber management API. With a single unauthenticated curl command supplying only a victim's Gaia ID, an attacker could retrieve full PII, including the victim's Google Voice number and account recovery phone number. More dangerously, the API allowed an attacker to assign any phone number to a victim's Google account without authorization, with the number appearing under the victim's verified phones at myaccount.google.com/phone. This opened a path to potential account takeover (ATO) and SIM-swap-style attacks. Google rated this bug P0/S0, the highest possible severity, and patched it within hours, awarding $20,000 for that single finding alone.
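As an added illustration (not code from brutecat's write-up or from any Google service), here is the shape of the flaw described above beside the object-level authorization check that closes it: the handler must authenticate the caller, confirm the caller owns the account it names, and require that a phone number was verified by that same principal before it is attached. All names and sample data are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Principal:
    gaia_id: str                      # authenticated account making the call
    scopes: frozenset = frozenset()   # e.g. {"support.admin"} for staff tooling

@dataclass
class Account:
    gaia_id: str
    voice_number: str
    recovery_phone: str
    verified_phones: list = field(default_factory=list)

# Constructed sample data for the demo.
ACCOUNTS = {
    "1001": Account("1001", "+1-555-0100", "+1-555-0199"),
    "1002": Account("1002", "+1-555-0200", "+1-555-0299"),
}
# Numbers that passed an OTP challenge, keyed by the principal who completed it.
VERIFIED_CHALLENGES = {("1001", "+1-555-0150")}

# --- Vulnerable shape: the handler trusts the gaia_id supplied in the request. ---
def get_profile_vulnerable(gaia_id: str) -> dict:
    a = ACCOUNTS[gaia_id]
    return {"voice": a.voice_number, "recovery": a.recovery_phone}

def add_phone_vulnerable(gaia_id: str, number: str) -> list:
    ACCOUNTS[gaia_id].verified_phones.append(number)   # no ownership proof at all
    return ACCOUNTS[gaia_id].verified_phones

# --- Hardened shape: authenticate, then authorize against the target object. ---
class Unauthenticated(Exception): ...   # would map to HTTP 401
class Forbidden(Exception): ...         # would map to HTTP 403

def authorize(caller: Optional[Principal], gaia_id: str) -> Account:
    if caller is None:
        raise Unauthenticated("credentials required")
    if caller.gaia_id != gaia_id and "support.admin" not in caller.scopes:
        raise Forbidden("caller may only act on its own account")
    return ACCOUNTS[gaia_id]

def get_profile(caller: Optional[Principal], gaia_id: str) -> dict:
    a = authorize(caller, gaia_id)
    return {"voice": a.voice_number, "recovery": a.recovery_phone}

def add_phone(caller: Optional[Principal], gaia_id: str, number: str) -> list:
    a = authorize(caller, gaia_id)
    if (caller.gaia_id, number) not in VERIFIED_CHALLENGES:   # same principal proved ownership
        raise Forbidden("number has not been verified by this account")
    a.verified_phones.append(number)
    return a.verified_phones
```

The authorization decision is made against the resource named in the request, not against the API key alone, which is the distinction a project-scoped key cannot provide on its own.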

Other high-value findings included an AdExchange takeover ($30,000), a YouTube private video ID leak ($12,000), a Widevine DRM org takeover ($16,004), and multiple Cloud Console GraphQL flaws ($18,000-$30,000, including CVE-2026-8934). All vulnerabilities were reported responsibly through Google's VRP program. In total, the AI-assisted research campaign uncovered bugs across dozens of internal Google APIs, collectively earning the researcher $500,000 in bounty payouts in under 90 days.

The research underscores a critical shift in offensive security: AI is no longer just a defensive tool; in the right hands it becomes a highly scalable vulnerability discovery engine capable of uncovering critical flaws in even the world's most security-conscious organizations. The methodology — combining large-scale credential harvesting, reverse engineering of proprietary authentication, and AI-driven automated testing — represents a new frontier for bug bounty hunting and penetration testing.

Synthesized by Vypr AI