Researcher Earns $500K Fuzzing Google APIs with Claude
Key insights
- Shivram reverse-engineered Google's First Party Authentication v2 from leaked sourcemaps, enabling access to internal APIs invisible to standard external security testing.
- Multiple high-value finds came from staging environments connected to live production data with no authorization checks, a recurring structural pattern across Google's API surface.
- Claude's MCP-driven automation identified complex access-control failures across 1,500+ APIs, with individual payouts reaching $36,500 for Vertex AI Translation Hub flaws.
Why this matters
Shivram's $500,000 campaign demonstrates that AI-assisted fuzzing can now systematically audit enterprise-scale API surfaces that previously required large red teams and deep institutional knowledge. The reconstruction of Google's internal FPA v2 authentication protocol from publicly available leaked sourcemaps shows that an internal auth scheme becomes a meaningful attack surface as soon as the build artifacts that implement it are exposed. For security teams managing large numbers of internal APIs, the resources needed to outpace internal review have shrunk to a single researcher with an LLM and a handful of MCP tools.
Summary
Arvin Shivram collected $500,000 from Google by building a Claude-driven pipeline to fuzz 1,500+ APIs for access-control flaws.
The approach: 61,200 Android APKs mined for API keys, a Chrome extension deployed across 2,800+ Google domains, and Google's First Party Authentication v2 reverse-engineered from leaked sourcemaps. Claude then drove the probing itself through three custom MCP tools (probe_api, report_vulnerability, confirm_testing_complete).
Essentially: one researcher, Arvin Shivram, systematically outpaced Google's internal API audit capacity.
- Vertex AI Translation Hub paid $36,500 for three bugs including cross-tenant metadata access and a GCS bucket exfiltration path.
- An AdExchange staging environment exposed live production data with no authorization checks ($30,000); a full compromise of Widevine DRM key management paid $16,004.
Google patched the most critical finds within hours and flagged multiple reports as exceptional quality, but the campaign shows how authorization debt accumulates across large API estates faster than manual review can track.
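The summary above names the three MCP tools the pipeline exposed to Claude and, separately, the structural pattern behind several of the paid findings: a staging endpoint wired to live production data with the authorization check missing. The block below is an added example (not Shivram's code, and not Google's) that ties the two together: it serves the three tool names from the article as plain Python functions in MCP tool shape (name, description, inputSchema, dispatched through a `tools/call`-style entry point), and runs them against a constructed in-memory fixture in which a production handler enforces object-level authorization and its staging clone on the same data does not. The hostnames, tenant names, records, tool schemas and the `cross_tenant_sweep` driver are all assumptions made for illustration; the real MCP server, HTTP transport and FPA v2 signing are out of scope and replaced by direct function calls so the file runs offline.

```python
"""Added example: the three MCP tools named in the article, served as plain
functions and driven over a constructed fixture that reproduces the
"staging clone of production with no authz check" pattern.

Hostnames, tenants, records and schemas are assumptions, not Google's.
"""
import json
from dataclasses import dataclass, field

# ---- constructed fixture: production API plus a staging clone on live data ----
# Two tenants; "acme" must never read "globex" records and vice versa.
RECORDS = {
    "rec-1": {"tenant": "acme", "body": "acme glossary"},
    "rec-2": {"tenant": "globex", "body": "globex glossary"},
}

def prod_get_record(caller_tenant, record_id):
    """Production handler: object-level authorization is enforced."""
    rec = RECORDS.get(record_id)
    if rec is None:
        return {"status": 404}
    if rec["tenant"] != caller_tenant:
        return {"status": 403}
    return {"status": 200, "body": rec["body"]}

def staging_get_record(caller_tenant, record_id):
    """Staging handler on the same backing data; the tenant check is missing."""
    rec = RECORDS.get(record_id)
    if rec is None:
        return {"status": 404}
    return {"status": 200, "body": rec["body"]}

# Hypothetical hostnames; the page does not give the real ones.
ENDPOINTS = {
    "https://hub.example.com/v1/records/{id}": prod_get_record,
    "https://hub-staging.example.com/v1/records/{id}": staging_get_record,
}

# ---- tool definitions in MCP shape (name / description / inputSchema) --------
TOOLS = {
    "probe_api": {
        "description": "Send one request as caller_tenant for record_id.",
        "inputSchema": {"type": "object",
                        "required": ["endpoint", "caller_tenant", "record_id"]},
    },
    "report_vulnerability": {
        "description": "Record a finding together with the evidence probe.",
        "inputSchema": {"type": "object", "required": ["title", "evidence"]},
    },
    "confirm_testing_complete": {
        "description": "Close the session and return a summary.",
        "inputSchema": {"type": "object", "required": []},
    },
}

@dataclass
class Session:
    probes: int = 0
    findings: list = field(default_factory=list)
    complete: bool = False

def probe_api(session, endpoint, caller_tenant, record_id):
    session.probes += 1
    resp = ENDPOINTS[endpoint](caller_tenant, record_id)
    return {"endpoint": endpoint, "caller_tenant": caller_tenant,
            "record_id": record_id, **resp}

def report_vulnerability(session, title, evidence):
    session.findings.append({"title": title, "evidence": evidence})
    return {"recorded": len(session.findings)}

def confirm_testing_complete(session):
    session.complete = True
    return {"probes": session.probes, "findings": len(session.findings)}

def call_tool(session, name, arguments):
    """Dispatch one tools/call request the way an MCP server would:
    reject unknown tools and calls missing a required argument."""
    if name not in TOOLS:
        raise KeyError(f"unknown tool {name}")
    missing = [k for k in TOOLS[name]["inputSchema"]["required"]
               if k not in arguments]
    if missing:
        raise ValueError(f"{name}: missing {missing}")
    return globals()[name](session, **arguments)

def cross_tenant_sweep(session):
    """The differential check the agent drives: request every record as a
    tenant that does not own it; any 200 is an object-level authz failure."""
    tenants = {r["tenant"] for r in RECORDS.values()}
    for endpoint in ENDPOINTS:
        for record_id, rec in RECORDS.items():
            for caller in sorted(tenants - {rec["tenant"]}):
                resp = call_tool(session, "probe_api", {
                    "endpoint": endpoint, "caller_tenant": caller,
                    "record_id": record_id})
                if resp["status"] == 200:
                    call_tool(session, "report_vulnerability", {
                        "title": f"cross-tenant read on {endpoint}",
                        "evidence": resp})
    return call_tool(session, "confirm_testing_complete", {})

if __name__ == "__main__":
    s = Session()
    print(json.dumps(cross_tenant_sweep(s), indent=2))
    for f in s.findings:
        e = f["evidence"]
        print(f["title"], "->", e["caller_tenant"], "read", e["record_id"])
```

Run as a script, the sweep issues four probes and records two findings, both against the staging host: the production handler answers 403 to both foreign-tenant requests while the staging clone returns the other tenant's record each time. The same loop structure scales to the real case by swapping the in-memory handlers for authenticated HTTP calls and the two-tenant fixture for a pair of test identities; the point a practitioner should take from it is that the check is differential (same record, different caller, compare status) and needs no knowledge of the endpoint's business logic.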
Potential risks and opportunities
Risks
- Widevine DRM licensors and content partners could face contractual exposure if the full key management compromise allowed any real-world decryption before Google deployed its patch.
- If Shivram's FPA v2 reconstruction technique is widely replicated, Google's internal API authentication layer is effectively auditable by any researcher with access to the same leaked sourcemaps.
- Google employees whose data appeared in the Eldar.corp.google.com internal privacy request system had personal information exposed via a public API, with no patch timeline disclosed in the article.
Opportunities
- API security vendors gain a high-profile, quantified demonstration case for automated API inventory and authorization-control auditing at enterprise scale.
- Security tooling companies building LLM integrations via MCP can reference this campaign as a validated architecture for AI-assisted fuzzing across large API surfaces.
- Google's bug bounty program may expand structured API-class categories or raise per-finding caps given the volume and documented exceptional quality of a single researcher's submissions.
What we don't know yet
- Whether Google has patched the Nest device deanonymization chain, which had no bounty amount or patch timeline disclosed in the article.
- How Google plans to address staging-to-production data isolation systemically, given the same structural failure appeared across AdExchange, PLX/DataHub, and Cloud Console GraphQL findings.
- Whether the $500,000 total is a complete accounting, since some findings such as Nest deanonymization have no disclosed bounty amount.
Originally reported by brutecat.com
Original headline: Security Researcher Uses Claude AI and MCP to Fuzz Google's 1,500+ APIs, Earns $500,000 in Bug Bounties Over Three Months