Google AI Mode Hits 1 Billion Users — Then a Security Researcher Finds a Flaw
In a nutshell
Google had a significant week. Not everything that happened was good news.
AI Mode — The Billion User Milestone Nobody Celebrated
AI Mode is Google's most powerful AI Search, and it has surpassed more than 1 billion monthly users. Google is upgrading the experience with Gemini 3.5 Flash as the new default model, globally. AI Mode queries have more than doubled every quarter since launch. And last quarter, Google saw Search queries reach an all-time high.
One billion monthly users of AI Mode. That number deserves a moment of pause — not because it is impressive, but because of what it means for everyone who is not Google.
We have reported consistently that AI Overviews — the predecessor to AI Mode — reduced organic click-through rates to external websites by up to 61%. AI Mode is more capable, more comprehensive and more likely to answer queries without requiring a click than AI Overviews ever was. One billion users engaging with a system designed to keep them inside Google's ecosystem is one billion fewer clicks reaching European publishers, specialised information sites, comparison tools and the open web.
Google also launched the biggest upgrade to its Search box in over 25 years — a new intelligent Search box, now completely reimagined with AI. You can search using text, images, files, videos and Chrome tabs, and Search reasons across them all.
A search box that accepts files, videos and Chrome tabs as input. Not a text query. A multimodal interface that processes everything you show it. The search engine that indexed the web is becoming the AI that understands your entire digital context.
The Security Flaw — Deleted Keys That Are Not Deleted
The most concerning Google story of the week has nothing to do with user growth or AI capabilities.
A security researcher disclosed a significant design flaw: Google API keys remain fully active and usable after explicit deletion. The vulnerability means that developers and enterprises who believe they have revoked API access — after a security incident, an employee departure or a contract termination — may still have active keys that can be used to access Google's AI services, including Gemini.
The implications for enterprise security are serious. Standard security practice after any credential compromise is to revoke and rotate API keys immediately. If deleted Gemini API keys remain active, this standard response is ineffective. An attacker who has obtained a Gemini API key cannot be locked out simply by deleting it in the Google Cloud console.
For European enterprises operating under GDPR's data breach notification requirements — which mandate notification within 72 hours of discovering a breach — a vulnerability that makes credential revocation ineffective is a material compliance risk. Google has not yet publicly confirmed a fix timeline.
WebMCP — Google's Open Standard for AI Agents
Google proposed WebMCP at I/O 2026's developer keynote — an open W3C standard that lets websites expose structured actions to browser-based AI agents via Chrome. The standard would allow AI agents like Gemini Spark to interact with websites through a standardised API rather than scraping or interpreting HTML.
WebMCP is Google's attempt to define the protocol through which AI agents interact with the web — before any competing standard gains traction. If WebMCP becomes a W3C standard, every website that wants to be accessible to AI agents must implement Google's specification.
The parallel to the Universal Commerce Protocol is exact: Google proposes an open standard, becomes the reference implementation, and uses its browser and search dominance to make adoption effectively mandatory. The "open" standard becomes a Google-controlled infrastructure layer.
BEUC Files DSA Complaints — Europe Pushes Back
BEUC — the European Consumer Organisation — filed Digital Services Act complaints against Google, Meta and TikTok over financial scam ads. BEUC documented 900 scam ads across the three platforms, with 52% of reports being ignored or rejected by the platforms. The complaints argue that the platforms are failing their Very Large Online Platform obligations under the DSA to prevent illegal advertising.
BEUC's DSA complaints are significant for three reasons. First, they demonstrate that European consumer organisations are actively using the DSA's enforcement mechanisms — the legislation is not dormant. Second, the fact that 52% of scam ad reports were ignored or rejected suggests that the content moderation systems of Google, Meta and TikTok are systematically failing for financial scam content. Third, the complaints target AI-generated financial scam ads specifically — content that human moderators cannot keep up with at the scale that AI generation enables.
What This Means for GAFAM
Taken together, this week's Google stories paint a picture that the billion-user AI Mode headline alone obscures. Google is simultaneously reaching unprecedented scale in AI Search, facing security vulnerabilities in its AI credential management, proposing infrastructure standards that would make it the gatekeeper of AI-web interaction, and drawing formal complaints under EU law for failing to moderate AI-generated scam content.
Scale and accountability are moving in opposite directions. As Google's AI reach expands, so does the surface area of its responsibility — and the gap between what it controls and what it polices.
The European Perspective
BEUC's DSA complaints against Google arrive the same week that Google AI Mode reached 1 billion monthly users. The timing reveals a structural tension at the heart of European AI governance: the platforms facing complaints under the DSA are the same platforms whose AI systems are creating the content that generates the complaints. Google's AI Mode generates responses. Google's advertising systems monetise the queries. Google's content moderation fails to catch the scam ads that AI generation makes possible at scale. The DSA was designed to break this loop. Whether it has the enforcement capacity to do so — against platforms that process more content in a day than the entire DSA enforcement apparatus can review in a year — is the most important open question in European digital governance. gafam.ai will be watching.