Researcher Hacked Google Using AI and Earned $500,000 Bug Bounty

A researcher used an AI-driven fuzzing pipeline plus harvested API keys and custom tooling to discover systemic access-control failures in roughly 1,500 Google APIs, uncovering PII leaks, account-takeover vectors (notably a Google Voice/Fiber API), Widevine key exposure, and other high-severity flaws; the campaign earned over $500k in bounties after responsible disclosure and prompted rapid patching of critical issues.