
Researcher Hacked Google Using AI and Earned $500,000 Bug Bounty

Cybersecurity News · Archived Jun 11, 2026

By Guru Baran, June 11, 2026

A security researcher known as brutecat has disclosed how an AI-driven fuzzing pipeline uncovered more than $500,000 in vulnerabilities across Google’s infrastructure in under three months, exposing systemic access-control failures hidden inside roughly 1,500 APIs.

The researcher began by targeting Google’s discovery documents: machine-readable API specifications, similar to Swagger docs, that list all available endpoints, parameters, and methods. While these documents are publicly available for APIs like the YouTube Data API, many exist for internal Google APIs and require valid API keys to access.

| Vulnerability | Affected Service | Bounty | CVE |
|---|---|---|---|
| Google Voice / Fiber account takeover — unauthenticated PII + recovery phone leak, arbitrary number assignment (P0/S0) | gfibervoice-pa.googleapis.com | $20,000 | — |
| AdExchange takeover — staging pointed at prod data, read accounts + add self as admin (2 issues) | adexchangebuyer | $30,000 | — |
| Eldar internal privacy-assessment API exposed publicly (rewarded x2) | eldar-pa.clients6.google.com | $26,674 | — |
| YouTube unlisted/private video ID leak via auto-generated Content ID assets | YouTube Content ID API | $12,000 | — |
| Widevine DRM takeover — leaked orgs, encryption keys, self-add to any org | alkaliwidevineintegrationconsole-pa | $16,004.40 | — |
| PLX / DataHub — setIamPolicy self-grant as dataset owner, dump confidential YouTube data (2 issues) | datahub (staging) | $12,000 | — |
| Nest device-owner deanonymization — sequential ID → Gaia ID, chained to email via Play Books license | nestauthproxyservice-pa | Not specified | — |
| Translation Hub — unauth ListOperations, cross-tenant read/write, GCS exfil (3 issues) | translationhub.googleapis.com | $36,500 | — |
| YouTube TV CMS — no access control on campaign CRUD, leaked CMS account emails | alkalitvfilm-pa | $24,000 | — |
| Vertex AI Search for Commerce — unauth read/write of intent-classification config (prompt injection) | retail.googleapis.com | $30,000 | — |
| Cloud Console GraphQL — App Engine request-log leak (no auth) | cloudconsole-pa (GAE_GRAPHQL) | $18,000 | CVE-2026-8934 |
| Cloud Console GraphQL — Vertex Assistant unauth session read/write | cloudconsole-pa (AIPLATFORM_GRAPHQL) | $30,000 | — |
| Cloud Console GraphQL — Google Maps Platform billing-credit + PII leak | cloudconsole-pa (GMP_GRAPHQL) | $12,000 | — |

Accessing most of these discovery documents requires valid API keys, so the researcher and a collaborator, Michael Dalton, harvested credentials at scale. They scraped over 60,000 Android APKs, decrypted iOS binaries, and built a Chrome extension to intercept traffic across 2,800+ Google web domains, ultimately collecting around 3,600 keys. Because a single key often has multiple APIs enabled on its Google Cloud project, this trove unlocked broad reach.

To stay within Google’s program scope, the team filtered out non-Google keys using a Cloud Marketplace endpoint that resolves a project number to its owning domain. They then bypassed the removed discovery paths, abused visibility labels like GOOGLE_INTERNAL to reveal hidden endpoints, and reverse-engineered Google’s proprietary First Party Authentication (FPA v2) after sourcemaps briefly leaked the relevant frontend library.

After collecting over 1,500 discovery documents from Google APIs, including hidden endpoints unlocked via undocumented GOOGLE_INTERNAL visibility labels, the researcher built a custom API Explorer capable of parsing any discovery document client-side and executing authenticated requests.

With the infrastructure in place, the researcher integrated Claude AI as an automated pentesting engine. The AI was given a set of custom tools (probe_api, report_vulnerability, and confirm_testing_complete) to systematically test every endpoint for broken access controls and IDOR (Insecure Direct Object Reference) vulnerabilities.

The system was refined over a month through iterative prompt engineering. Key improvements included group-based endpoint classification, multi-key probing that automatically sent the same request across all known API keys, and standardized parsing of cryptic Google API error messages into human-readable labels. Once these improvements were in place, the AI’s vulnerability reporting accuracy exceeded 50%, making manual review fast and efficient.

Among the most severe findings was a complete lack of access controls on gfibervoice-pa.googleapis.com, a Google Voice and Google Fiber management API. With a single unauthenticated curl command supplying only a victim’s Gaia ID, an attacker could retrieve full PII, including the victim’s Google Voice number and account recovery phone number. More dangerously, the API also allowed an attacker to assign any phone number to a victim’s Google account without authorization, with the number appearing under the victim’s verified phones at myaccount.google.com/phone. This opened a path to potential account takeover (ATO) and SIM-swap-style attacks.

Google rated this bug P0/S0, the highest possible severity, and patched it within hours, awarding $20,000 for that single finding alone. All vulnerabilities were reported responsibly through Google’s VRP program.

In total, the AI-assisted research campaign uncovered bugs across dozens of internal Google APIs, collectively earning the researcher $500,000 in bounty payouts in under 90 days. The research underscores a critical shift in offensive security: AI is no longer just a defensive tool; in the right hands, it becomes a highly scalable vulnerability discovery engine capable of uncovering critical flaws in even the world’s most security-conscious organizations.
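For API owners, the discovery-document format described above also supports a defensive inventory. The following is an added example, not code from the article or the researcher's tooling: it walks a Discovery-format document and lists methods that declare no OAuth scopes while taking an identifier-like parameter, as candidates for access-control review. The sample document, the scope URL and the `ID_HINT` naming heuristic are constructed assumptions.

```python
import re

# Heuristic (assumption): parameter names that usually carry an object or user identifier.
ID_HINT = re.compile(r"(Id|Ids|_id|_ids)$|^(id|name|parent)$")

def iter_methods(node):
    """Yield every method object in a discovery document, including nested resources."""
    for method in node.get("methods", {}).values():
        yield method
    for child in node.get("resources", {}).values():
        yield from iter_methods(child)

def review_candidates(doc):
    """Return (method id, HTTP verb, id-like params) for methods with no declared scopes."""
    findings = []
    for m in iter_methods(doc):
        if m.get("scopes"):
            continue  # scoped methods still need an object-level check, but are not listed here
        id_params = sorted(p for p in m.get("parameters", {}) if ID_HINT.search(p))
        if id_params:
            # No scopes is a prompt for review, not proof: an API key or other auth may gate it.
            findings.append((m["id"], m["httpMethod"], id_params))
    return sorted(findings)

# Constructed sample in API Discovery format (not a real Google API).
SAMPLE_DOC = {
    "name": "examplevoice",
    "resources": {"accounts": {
        "methods": {
            "get": {"id": "examplevoice.accounts.get", "httpMethod": "GET",
                    "path": "v1/accounts/{accountId}",
                    "parameters": {"accountId": {"location": "path", "required": True}}},
            "list": {"id": "examplevoice.accounts.list", "httpMethod": "GET",
                     "path": "v1/accounts", "parameters": {"pageSize": {"location": "query"}},
                     "scopes": ["https://www.googleapis.com/auth/example"]},
        },
        "resources": {"phones": {"methods": {
            "assign": {"id": "examplevoice.accounts.phones.assign", "httpMethod": "POST",
                       "path": "v1/accounts/{accountId}/phones:assign",
                       "parameters": {"accountId": {"location": "path", "required": True}}},
        }}},
    }},
}

if __name__ == "__main__":
    for method_id, verb, params in review_candidates(SAMPLE_DOC):
        print(f"REVIEW {verb:5} {method_id} params={params}")
```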
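On the detection side, the multi-key probing described above leaves a recognisable trace: one client replaying the same method and path under many different API keys within a short window. The following is an added example, not from the article, that flags that pattern in access logs; the log layout, key names, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log: timestamp, client IP, API key id, method, path, status.
SAMPLE_LOG = """\
2026-06-11T10:00:01 203.0.113.7 key-a1 GET /v1/accounts/1001 403
2026-06-11T10:00:02 203.0.113.7 key-b2 GET /v1/accounts/1001 403
2026-06-11T10:00:03 203.0.113.7 key-c3 GET /v1/accounts/1001 403
2026-06-11T10:00:04 203.0.113.7 key-d4 GET /v1/accounts/1001 200
2026-06-11T10:00:05 198.51.100.9 key-a1 GET /v1/accounts/1001 200
2026-06-11T10:03:00 198.51.100.9 key-a1 GET /v1/accounts/1002 200
2026-06-11T10:00:06 192.0.2.44 key-e5 GET /v1/videos/77 200
2026-06-11T10:20:00 192.0.2.44 key-f6 GET /v1/videos/77 200
"""

def parse(line):
    ts, ip, key, method, path, status = line.split()
    return datetime.fromisoformat(ts), ip, key, method, path, int(status)

def multi_key_probes(log_text, min_keys=3, window=timedelta(seconds=60)):
    """Flag (ip, method, path) requested with >= min_keys distinct keys inside one window."""
    by_request = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, key, method, path, status = parse(line)
            by_request[(ip, method, path)].append((ts, key, status))
    alerts = []
    for (ip, method, path), events in by_request.items():
        events.sort()
        best, start = None, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            keys = {k for _, k, _ in in_window}
            if len(keys) >= min_keys and (best is None or len(keys) > best["distinct_keys"]):
                # Keys that received a 2xx answer are the ones whose access needs review.
                ok = sorted({k for _, k, s in in_window if 200 <= s < 300})
                best = {"ip": ip, "request": f"{method} {path}",
                        "distinct_keys": len(keys), "succeeded_with": ok}
        if best:
            alerts.append(best)
    return alerts

if __name__ == "__main__":
    for alert in multi_key_probes(SAMPLE_LOG):
        print(alert)
```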