
Security researcher Arvin Shivram has revealed how a custom AI-powered testing system uncovered dozens of vulnerabilities across Google's vast API ecosystem, earning more than $500,000 in bug bounty rewards.
The findings included access control failures affecting Google Voice, Widevine DRM, AdExchange, YouTube, and several internal Google platforms.
Arvin Shivram detailed in a blog post how he spent months building an automated platform capable of probing Google's APIs at a scale that would be impractical for human testers alone. After collecting thousands of Google API keys from Android apps, web services, and other software artifacts, Shivram mapped more than 1,500 APIs and fed their documentation into an AI system designed to look for authorization and access-control weaknesses.
At the heart of the project were Google's “discovery documents,” machine-readable API descriptions similar to OpenAPI or Swagger specifications. By combining these documents with custom tooling that handled Google's authentication mechanisms, the researcher enabled the AI to automatically test endpoints, identify unusual responses, and flag potential vulnerabilities for manual verification.
Rather than simply scanning for known weaknesses, the system was trained to behave more like a penetration tester, grouping endpoints, experimenting with different inputs, comparing responses across API keys, and reporting only findings backed by evidence. The researcher continually refined the prompts and testing logic to reduce false positives and improve accuracy.
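An API owner can run the same kind of review over their own discovery documents before publishing them. The following is an added example, not code from Shivram's tooling or from Google: it walks a constructed discovery-style document and lists every method that declares no OAuth `scopes`. The sample service, its method names and the severity labels are assumptions, and a missing `scopes` entry is a lead for manual review, not proof of a flaw.

```python
# Audit a discovery-style API description for methods with no declared OAuth scopes.
# SAMPLE_DOC is constructed for illustration; it is not a real Google API.
MUTATING = {"POST", "PUT", "PATCH", "DELETE"}

SAMPLE_DOC = {
    "name": "example",
    "resources": {
        "accounts": {
            "methods": {
                "get": {"id": "example.accounts.get", "httpMethod": "GET",
                        "scopes": ["https://auth.example.invalid/accounts.read"]},
                "list": {"id": "example.accounts.list", "httpMethod": "GET"},
            },
            "resources": {
                "users": {
                    "methods": {
                        "insert": {"id": "example.accounts.users.insert",
                                   "httpMethod": "POST"},
                        "delete": {"id": "example.accounts.users.delete",
                                   "httpMethod": "DELETE",
                                   "scopes": ["https://auth.example.invalid/accounts.admin"]},
                    }
                }
            },
        }
    },
}


def walk_methods(node):
    """Yield every method object under a document or nested resource."""
    yield from node.get("methods", {}).values()
    for child in node.get("resources", {}).values():
        yield from walk_methods(child)


def audit(doc):
    """Return (method id, HTTP verb, label) for methods that declare no scopes."""
    findings = []
    for method in walk_methods(doc):
        if not method.get("scopes"):
            verb = method.get("httpMethod", "")
            # Assumption: state-changing verbs without scopes get reviewed first.
            label = "high" if verb in MUTATING else "review"
            findings.append((method.get("id"), verb, label))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_DOC):
        print(*finding)
```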
Google's infrastructure is among the largest on the internet, with thousands of interconnected services used internally and externally. Shivram said the AI ultimately became effective enough that more than half of its reported findings turned out to be legitimate security issues after review.
Among the most severe bugs was a flaw in a Google Voice-related API that lacked proper access controls. According to the researcher, attackers could retrieve sensitive account information associated with Google Voice users, including phone numbers and other account details. Shivram also found functionality that could assign Google Voice numbers to arbitrary accounts, a vulnerability Google reportedly classified as a top-severity issue and patched within hours.
Google's AdExchange advertising platform exposed a staging environment connected to production data, granting access to account information and administrative functions that should have been restricted. In some cases, the researcher demonstrated the ability to add users to AdExchange accounts without authorization.
The AI also uncovered weaknesses in Widevine, Google's widely used digital rights management (DRM) platform employed by streaming services such as Netflix and Disney+. The exposed APIs allowed access to organization information, encryption-related data, and user management functionality, potentially enabling unauthorized access to partner accounts.
Other findings included publicly accessible APIs linked to internal Google systems, leaks involving YouTube unlisted video identifiers, and exposure of sensitive information from internal privacy review and analytics platforms intended only for Google employees.
Google fixed the reported issues through its Vulnerability Reward Program and paid approximately $500,000 in rewards.