I see Google rolling out new Agency Admin and Standard roles in Merchant Center for Agencies, giving agencies a more centralized way to control client access while improving security and day-to-day efficiency.
What is new: I can now look at client access differently because clients are linked directly to an agency instead of being tied to individual users. That makes it easier to manage permissions from one place, especially when team members join, move roles, or leave.
I also see custom labels becoming a useful part of this update. Agency Admins can organize client accounts by brand, business vertical, internal team, or another structure that fits how the agency works.
Those labels can then be used to give Standard users access to groups of accounts in bulk. For me, that is the practical improvement: agencies no longer need to configure access one account at a time when the same permission logic applies across multiple clients.
Why I care: Agencies managing several Merchant Center accounts have often had to depend on user-level permissions, which can make onboarding, offboarding, and account management more cumbersome than they need to be. This role-based structure moves client management to the agency level, which should reduce administrative work and strengthen access controls.
How it works: Agency Admins get full administrative privileges inside the Merchant Center agency account. In that role, I can link and unlink clients’ Merchant Center accounts, add or remove Standard users, modify Standard users, manage their access to client accounts, and create custom labels for organizing clients.
Standard users receive more limited permissions, which helps agencies follow stronger security practices. I see this as a way to make sure team members only access the client accounts they actually need.
Bottom line: For agencies managing large client portfolios, I expect centralized client linking, bulk access management, and customizable account labels to reduce manual work while making Merchant Center administration more secure and scalable.
I’m looking at Google Ads API v24.2 as a practical update for advertisers and developers, especially because it brings together stronger security controls, AI transparency features, better reporting and new experiment options in one release.
What’s new. The biggest security addition I see is support for multi-party approvals, or MPA. This requires a second administrator to approve sensitive account actions, including user invitations and access-level changes, which gives agencies and larger organizations another layer of protection when managing Google Ads accounts.
I’m also watching Google’s expanded support for AI-generated content disclosures. The API now exposes new SyntheticContentInfo and SyntheticContentAttestation fields on assets and ads, so developers can identify and label AI-generated creative programmatically. This is especially relevant for advertisers preparing for the EU AI Act, which takes effect on August 2nd.
Developers can start building integrations now, although I’d note that advertiser attestation fields will remain read-only until v25 launches.
Performance Max gets more visibility. I see one of the most useful changes in version 24.2 as the added visibility for Performance Max campaigns. Advertisers can now segment performance_max_placement_view reports by ad_network_type, making it easier to understand where ads are appearing across Search, Display and partner networks.
The release also adds YouTube brand channel linking through the API, which should make video campaign integrations stronger. I’m also noting the new landing page text generation option, which can automatically create text assets from a website’s landing page.
New testing capabilities. Google is expanding experimentation tools with two new experiment types, and I see both as useful for advertisers who want more structured ways to compare campaign changes.
The new COMPARE_CAMPAIGNS workflow lets advertisers compare multiple campaigns or campaign types across as many as five experiment arms, including custom Performance Max experiments.
A second experiment type lets advertisers test text customization and final URL expansion inside a single Performance Max campaign by splitting traffic between variations.
Documentation improvements. I also appreciate that Google has reorganized its API release notes by separating breaking changes from feature updates. It has also introduced a dedicated guide for feature deprecations and unversioned changes, which should make future upgrades easier to manage.
Why I care. This release may not be a dramatic overhaul, but I see it as a meaningful step for teams that need to prepare for AI disclosure requirements, tighten account security and get more useful Performance Max reporting.
GlobalMed is the world leader in evidence-based digital health solutions. As I looked at the company’s work, what stood out most was the level of trust it has earned from the White House Medical Unit, the U.S. Department of Veterans Affairs, the Department of Defense, and healthcare organizations across more than 60 countries. After more than two decades and over 100 million consultations, GlobalMed has helped define what clinical-grade virtual care can look like in some of the world’s most demanding environments.
I sat down with CEO Joel E. Barthelemy to understand what separates GlobalMed from the wave of telehealth companies that emerged in recent years, and why he believes evidence-based virtual care is what truly moves the needle on patient outcomes.
First Page Sage: I’ve watched telehealth become crowded since the pandemic. What does GlobalMed offer that a standard video visit simply cannot?
Joel E. Barthelemy: When people hear the word “telehealth,” they often picture a basic video call where a patient describes symptoms to a provider. What they usually do not picture is a virtual visit that can come close to an in-person examination, and that is exactly what we built GlobalMed to deliver. Our integrated telemedicine platforms combine FDA-cleared diagnostic devices with secure, enterprise-grade software into a complete care ecosystem. When a physician uses our system, they can receive real-time ECG data, digital stethoscope auscultation, medical-grade wound imaging, and comprehensive vital metrics. That level of clinical information leads to better care and better patient outcomes.
First Page Sage: I know GlobalMed serves some of the most demanding clients in the world, including the VA, DoD, and the White House. How has serving those environments shaped the technology you bring to broader healthcare markets?
Barthelemy: It forces excellence at every level. There is no room for “mostly works” when you are protecting a President’s health or treating a combat-wounded veteran in a remote military installation.
Every GlobalMed system operates under military-grade encryption, full HIPAA compliance, and Authority to Operate certifications that most telehealth competitors simply cannot achieve. We are SOC 2 Type 2 compliant and hold ISO 13485 certification. Our hardware is also built to operate in submarines, disaster zones, and austere environments where civilian platforms would fail.
That engineering discipline does not stay confined to government contracts. It flows into every solution we deploy, whether we are supporting a rural critical access hospital, a large health system, or an enterprise wellness program. Our private-sector clients get the same zero-failure standard we deliver to the most security-sensitive healthcare environments on Earth.
First Page Sage: I see rural healthcare access becoming a growing crisis in America. How is GlobalMed’s technology helping close the gap between where specialists are and where patients actually live?
Barthelemy: In North Dakota, a young Veteran diagnosed with Complex PTSD was driving hours across the Great Plains in brutal winter conditions just to see a psychiatrist because his local community-based outpatient clinic had no behavioral health services on staff. When the VA’s National Telemental Health Center deployed GlobalMed telemedicine stations at that clinic, he could finally see a psychiatrist without leaving his community.
That is one patient, but the VA’s broader deployment tells a more complete story. The VA’s National Telemental Health Center used GlobalMed solutions to connect Veterans in areas without local behavioral health services to expert psychiatric care, allowing them to see a psychiatrist from their own Community Based Outpatient Clinic instead of driving hours each way. The eNcounter® platform connects rural clinic equipment to remote specialists in real time, with diagnostic data and patient records available through one unified system.
For settings without fixed clinic infrastructure, the Transportable Exam Backpack extends that same capability into the field. Coplin Health in West Virginia uses four of these units to deliver primary care across rural communities where a permanent facility is not viable. In Ecuador, a healthcare organization uses two units to bring diabetes care directly to rural patients who previously had no access to specialist services. In each case, the combination of portable diagnostic hardware and the eNcounter® platform is what makes the care clinically meaningful rather than just another video call.
First Page Sage: I’m also seeing more interest in integrating conventional medicine with preventive and holistic care approaches. How does GlobalMed’s platform support comprehensive, whole-person care delivery?
Barthelemy: The practical challenge for any provider trying to deliver whole-person care is visibility. If a patient is seeing a primary care physician, a behavioral health provider, and a specialist, each provider is usually working from an incomplete picture of what the others are doing.
GlobalMed’s eNcounter platform integrates with most major EHR systems, which means a provider conducting a virtual consultation can access lab results, specialist notes, and patient-reported outcomes in one place instead of working from a partial record. When you layer in tools like iAmbientHealth, which passively monitors vitals, sleep patterns, and movement at home, or Canary Speech, which objectively screens for behavioral and cognitive health changes during consultations, providers get a broader view of how a patient is functioning day to day, not just what their numbers look like during a clinic visit.
That continuity matters when someone is managing multiple conditions or combining conventional treatment with preventive approaches. A cardiologist reviewing remote monitoring data alongside behavioral health notes can adjust a treatment plan with more context than a standard fifteen-minute appointment provides. The platform does not require care teams to change how they practice. It gives them more complete information to work with.
First Page Sage: As I think about the next five years, what should healthcare executives and organizational leaders keep in mind when they evaluate virtual care investments?
Barthelemy: I would start by asking whether the technology delivers evidence, not just access.
The telehealth market is full of platforms that make virtual visits possible. What they cannot all deliver is the clinical-grade diagnostic data that makes those visits meaningful. Any platform can put a doctor and patient on a screen together, but very few can equip that physician with the real-time clinical information needed to make confident, accurate diagnoses remotely.
Healthcare leaders should also think beyond the immediate use case. The organizations that have invested in GlobalMed’s enterprise-grade infrastructure are not just solving today’s access problem. They are building platforms capable of supporting AI-assisted diagnostics, continuous remote patient monitoring, and integrated care coordination as those capabilities mature.
The other critical consideration is trust. Healthcare runs on it. Patients trust that their data is protected, clinicians trust that the diagnostic information they receive is accurate, and health systems trust that the technology will not fail when it matters most.
GlobalMed is a leader in virtual care because we have spent over two decades earning that trust in the most unforgiving healthcare environments on Earth. For leaders evaluating virtual care investments, the question is not just what a platform can do today. It is whether the company behind it has the proven track record to deliver when the stakes are highest.
The Bottom Line
I see virtual care becoming the infrastructure of modern healthcare delivery, not just an alternative channel for convenience.
The organizations that invest in clinical-grade, evidence-based telemedicine technology today are building the competitive advantage that will define patient outcomes and organizational performance for the next decade.
GlobalMed is the world leader in evidence-based digital health solutions, providing integrated telemedicine hardware and software ecosystems trusted by the White House Medical Unit, U.S. Department of Veterans Affairs, Department of Defense, and healthcare organizations in over 60 countries. As a veteran-owned company, GlobalMed specializes in delivering clinical-grade virtual care in the world’s most demanding healthcare environments.
I’m reading this Cornell Tech research as a clear warning: deep-research AI agents can be steered by surprisingly small edits on public, user-generated pages. In the study, a single injected Reddit-style comment could become a cited recommendation for fake products, services, or entities.
The researchers described these altered pages as “poisoned” because the added text was written to influence what an AI system cites and repeats. The weakness appears in systems that search the web, collect sources, and produce cited reports. The paper calls the attack WARP, short for Web Agent Retrieval Poisoning.
How I see injected text reaching reports. The attack does not require access to the model, prompts, search engine, or retrieval system. Instead, an attacker edits or appends text to a page the agent already tends to retrieve, such as a Reddit thread, Wikipedia page, or forum post.
When the agent later searches related topics, it may pull in that page, cite it, and repeat the attacker’s chosen message as part of an otherwise normal-looking answer.
That matters because deep-research tools often run many related searches for a single user request. The paper found that the same user-generated pages surfaced across related queries, giving poisoned content more chances to appear.
Reddit stood out as the biggest opening. Across STORM, Co-STORM, and OmniThink, 17% to 23% of retrieved URLs came from user-generated platforms, including Reddit, YouTube, Facebook, and Wikipedia.
Reddit made up the largest share of those pages. It accounted for 54% to 71% of the user-generated URLs retrieved by the three open-source systems.
The researchers did not alter live websites. Instead, they used a simulation framework called GeoStorm to insert manipulated text into retrieved content during testing.
A few words were enough. What stood out to me most is how little text the attack needed. The researchers found that snippets as short as about 13 words could influence what these systems recommended.
In one test, a 15-word sentence pushed a fake cryptocurrency, BananaCoin, into a Co-STORM report as an “emerging” long-term investment option. The report cited the altered source alongside legitimate crypto sources.
When the manipulated page was retrieved, the fake entity appeared in 38% to 51% of reports across systems. When the researchers targeted multiple pages, that range increased to 42% to 62%.
The attack still worked when systems retrieved full Reddit threads, although mention rates were lower. When injected text was added to complete Reddit threads and represented less than 4% of the retrieved content, the fake entity still appeared in 30% to 53% of reports when the page was retrieved.
The defenses struggled. Blocking user-generated domains stopped this attack path, but I see the tradeoff immediately: it also removes useful sources such as firsthand product experiences and local recommendations.
The tested text filters also failed to reliably separate injected passages from normal user content. Because the manipulated passages were fluent and written by an AI model, perplexity-based filters were more likely to flag normal user content than the injected text.
Report-level checks missed the manipulation too. The altered reports looked similar to clean reports because the agent itself folded the fake recommendation into an answer that otherwise appeared normal.
Why I care. A small edit to a public page can become part of a cited AI answer, even when the underlying source is user-generated. Misinformation planted on sites like Reddit or in forums can move from discussion threads into AI recommendations that look credible to users.
About the research. The paper, Deep-Research Agents Can Be Poisoned via User-Generated Content, was written by Tingwei Zhang, Harold Triedman, and Vitaly Shmatikov of Cornell Tech and posted to arXiv on May 22. The researchers tested the full attack on three open-source systems: STORM, Co-STORM, and OmniThink.
They also analyzed OpenAI Deep Research and Gemini Deep Research for user-generated citations, but they did not run live manipulation tests because doing so would require publishing altered content to the open web.
I recently discovered how Meta is revolutionizing online shopping on Facebook and Instagram. Their new features aim to simplify the purchase process and enhance how advertisers turn casual browsing into actual sales.
Exploring New Possibilities. Meta is making a significant move by spreading Live Video Ads globally on Facebook, and now they’re introducing these to Instagram. This expansion allows businesses to reach more people during live shopping events, potentially increasing sales directly from these experiences.
In the U.S., Meta is partnering with several live commerce providers such as CommentSold and TalkShopLive to help sellers transform live streams into ads that can connect with untapped audiences.
Thanks to Facebook’s Live Shopping Tools, users can now browse and purchase products without leaving the livestream, making shopping more seamless than ever before.
Introducing a New Checkout Experience. Starting this summer, Meta will be offering a virtual card payment feature on both Facebook and Instagram through a collaboration with Mastercard and Visa.
What excites me about this feature is that it generates temporary, one-time card numbers linked to my existing cards. This means I can shop without sharing my real card details, enhancing both security and trust among users.
Benefits for Advertisers. Meta is integrating product data as a core aspect of all Sales campaigns. This streamlines the advertising process by allowing advertisers to combine product feeds with creative assets, all while Meta’s AI assembles the most engaging ads tailored to individual users.
By using product details like pricing and availability, advertisers can craft detailed and high-performance shopping campaigns.
Why This Matters. Meta’s innovations offer brands more ways to convert browsing into purchases without shoppers leaving the app. With these new features, advertisers can potentially reach larger audiences through live shopping events and AI-driven ads, optimizing their approach to sales.
The introduction of virtual card checkout aims to reduce barriers in the purchase process and build consumer trust, possibly boosting conversion rates.
A Glimpse into the Future. Meta sees AI as a game-changer in product discovery, emphasizing how recommendations now organically appear in content feeds and creator videos over traditional searches.
By leveraging product catalogs as vital data points, Meta empowers these discoveries across various platforms like creator content and business recommendations.
I’ve recently delved into Google’s exciting release of Ads API version 24.1, and it’s packed with valuable updates for advertisers. This version brings us advanced reporting capabilities, expanded AI campaign testing, and improved security measures.
In this update, Google has prepared us for their upcoming data retention policy changes, which will commence next year—something I believe every developer should be ready for.
Why we care. The latest release highlights three crucial areas: performance visibility, creative control, and testing automation, which are becoming vital for advertisers like me.
What’s more, brands now have greater control over creative displays in Demand Gen campaigns, overcoming the typical limits imposed by automation. It’s a significant update that I’m excited to explore further.
Those of us who lean heavily on reporting infrastructures should also be mindful of Google’s impending 37-month data retention limit, set to impact historical performance analysis come 2026.
Mobile reporting gets more granular. One of the features I’m most thrilled about is the new mobile device platform segment that allows for reporting by operating system.
With the new segments.mobile_device_platform field, I’m able to differentiate performance across iOS and Android, a game-changer for app marketers and ecommerce advertisers alike.
Demand Gen adds classic image support. I love how Google is providing us with more creative control in Demand Gen campaigns, specifically through the classic_display_images field.
This new field allows us to upload and display static image ads exactly as designed, which is perfect for maintaining branding consistency without AI alterations.
Passkeys come to Google Ads. Security is always a top concern of mine, so I’m pleased to see the inclusion of the passkey_enabled field to boost account security through passwordless authentication.
Experiment support expands. I’ve noticed that Google has significantly enhanced the support for Experiments, allowing us to run and analyze tests across AI Max, Video, Demand Gen, and Performance Max campaigns.
This update also enables us to view metrics such as clicks and conversions more transparently, making experiment analysis straightforward and insightful.
A major data retention change is coming. From June 1st, Google Ads and related APIs will enforce a 37-month data retention limit, something I must prepare for to avoid disruptions in performance analytics.
The release includes a new error code: DateRangeError.REQUESTED_DATE_GRANULARITY_NOT_SUPPORTED, and it’s essential that I update reporting workflows accordingly.
What’s next. I’ve already checked out the updated client libraries and code samples for v24.1, and I plan to participate in Google’s live walkthrough on Discord, YouTube Live, and LinkedIn Live for additional insights.
I’ve noticed that more and more of us are finding ourselves suddenly and, at times, permanently locked out of our Facebook accounts. What used to be just an occasional issue has turned into a widespread frustration impacting not only everyday users but creators and business owners as well.
So, what’s driving this increase? It’s a mix of AI moderation, enhanced security protocols, platform dynamics, and changing user habits. Let’s dive into the underlying factors behind this trend.
The rise of AI moderation — and its tradeoffs
At the core of this issue is Meta, Facebook’s parent company, which relies heavily on artificial intelligence to oversee user activities across billions of accounts. These AI systems are tasked with:
Identifying harmful content,
Thwarting scams and abuse,
Enforcing community standards at scale.
However, there’s a significant tradeoff with AI moderation. Unlike humans, AI struggles to grasp context and nuance, which often leads to:
Flagging normal behavior as suspicious,
Misinterpreting the context of communications,
Imposing account restrictions based on patterns instead of intentions.
This has triggered an increase in false positives, where users find themselves unjustly locked out. Reports of wrongful account deactivation are rampant, typically due to AI-only moderation with little human oversight. Astonishingly, appeals can sometimes be resolved immediately, hinting at minimal human involvement despite official policies.
Account takeovers are increasing
With the surge in cybercrime over recent years, social media platforms have increased their security measures. Facebook now deploys more aggressive signals to spot:
Logins from unfamiliar locations or new devices,
Frequent changes to account settings,
Unusual messaging or posting patterns.
While these steps aim to block malicious actors, they also come with unintended side effects:
Travel, using a VPN, or device changes can cause lockouts,
Legitimate users may be snared alongside malefactors.
When hackers access an account, they often alter the registered email and password, activating security alerts and locking the original owner out entirely. From Facebook’s viewpoint, the account is indeed compromised; however, recovery processes don’t always fast-track access back to the rightful owner.
The role of new features and identity verification
In recent years, Facebook has introduced new security layers, including:
Two-factor authentication,
Identity verification checks,
Paid support options connected to account verification.
While these features enhance security, they also introduce complications, making account recovery more cumbersome:
Adding steps to recover accounts,
Creating barriers for users who struggle with identity verification,
Causing lockouts when verification fails.
Some users report being asked to submit identification several times without resolution, escalating the frustration.
The business incentive behind platform changes
Meta’s motivations for investing in AI moderation and automated enforcement boil down to cost-effectiveness. Automation provides instant scalability, reduces operational expenses, and manages ‘standard’ cases effectively. However, this efficiency comes at a price. For those outside agencies or larger entities operating within Business Manager, finding significant support can be a challenge — leaving some of us without a clear path for escalation.
Meta’s commanding position in the social media advertising space, coupled with robust financial performance and political influence, leads to minimal external pressure to reform its support systems. Meanwhile, search queries related to account recovery are often dominated by Meta’s resources, directing users back into the same narrow support ecosystem, even when alternative solutions might exist.
Platform scale is working against users
One can’t ignore the sheer enormity of Facebook’s operations. With a global user base of billions, even minor error rates can affect millions of individuals. Consequently, Meta’s support systems can’t possibly offer personalized support to everyone, leading to automation as the norm, despite its imperfections.
Additionally, internal fragmentation complicates matters further. Facebook isn’t a singular system — it’s an expansive ecosystem including personal profiles, Pages, ad accounts, Business Manager, and platforms like Instagram, Threads, and WhatsApp. Each operates with distinct rules and support channels. When issues traverse multiple systems — as they often do — no single team fully ‘owns’ the problem, making resolutions slower, more complex, and harder to navigate.
What can seem like a deeply personal problem is often the result of a system optimized for global efficiency, sometimes at the expense of individual support. Facebook aims to minimize risk on a large scale, which can clash directly with the need for prompt, personalized support.
Lack of human support and regaining access
One of the ongoing frustrations isn’t just the lockouts but what follows them. Many users, including myself, face challenges such as:
Limited access to human support,
Automated replies that fail to address the issue,
Confusing or ineffective recovery workflows.
Although Meta is introducing new support tools, much of the assistance process remains automated. If your problem doesn’t fit perfectly into one of their defined categories, resolution becomes even more challenging.
This is primarily because Facebook’s support system is structured around rigid, predefined pathways like “my account was hacked,” “I can’t log in,” or “my ad was rejected.” But most issues don’t neatly fit into one of these categories. They’re often multifaceted: part hack, part lockout, or linked to both personal and Business Manager accounts, further complicated by unclear or incorrect policy flags.
When my situation doesn’t match a single category, the system struggles to process it correctly. Instead of progressing towards a solution, I’m often routed through repetitive workflows — submitting forms that don’t entirely apply — leaving me trapped in exhausting loops without a clear way forward.
William Jennings, who runs WKJ Consulting, a social account recovery consultancy, has observed how these gaps have led to an underground recovery market. Some dubious services even exploit locked-out users by demanding payments through unconventional means like game credits — a problem that persists because legitimate recovery channels remain limited.
Accounts that link through Meta’s Account Center (including Facebook and Instagram) generally have a more straightforward recovery process. Sometimes, users can subscribe to Meta Verified on a linked Instagram account to access chat support and initiate an administrative claim.
Jennings highlights that:
“Meta Verified acts almost like paid protection — approximately 90% effective in preventing wrongful restrictions or disabling, though it doesn’t offer a guarantee if the rules are violated.”
A well-structured recovery method often involves:
Subscribing to Meta Verified to gain chat support,
Filing an administrative dispute with necessary documentation (such as error screenshots, emails, account URL, and ID verification),
Escalating to legal support in more acute scenarios.
It’s crucial that hacked accounts follow dedicated channels like facebook.com/hacked or instagram.com/hacked, and it’s far more effective to focus on prevention than recovery.
After regaining access, it’s essential to undertake steps like enabling two-factor authentication, saving recovery codes, and adopting advanced security measures.
Enforcement has scaled — recovery hasn’t
Facebook lockouts are an inherent consequence of the platform’s development. As Meta continues to emphasize automation and efficiency, many of us engage with systems built for speed, security, and risk minimization.
Most of the time, these systems function silently in the background. But when they falter, it feels abrupt, opaque, and incredibly hard to navigate.
Access to meaningful support often correlates with high ad spend, established business accounts, and tied to paid verification products. This leads to an unbalanced support landscape where major advertisers receive better assistance, leaving individuals and small businesses with fewer options.
For a platform operating on a global scale, this setup is intentional. But for those entangled in the process, it’s incredibly frustrating.
Have you ever wondered how Google is ensuring the authenticity of AI bots? I recently stumbled upon Google’s latest experimental method, Web Bot Auth, which aims to address exactly that. This project is currently in a limited testing phase, specifically for AI agents hosted on Google’s infrastructure, but it could be expanded in the future.
In Google’s new help document, they clarify that Web Bot Auth is a “new cryptographic protocol that helps websites validate that bots are authentic.” This innovative approach is designed to automate the authentication of AI Agent bots, distinguishing between genuine and fraudulent bots.
Limited test phase: Google’s team mentions they are “testing the protocol with some AI agents hosted on Google infrastructure.” It’s important to note that not all Google user agents are currently using Web Bot Auth, and the company isn’t signing every bot request with this protocol just yet.
What is Web Bot Auth? Defined as “an experimental cryptographic protocol used to authenticate requests sent by bots,” this method moves away from self-reported headers and IP addresses. Instead, it allows agents to sign their requests cryptographically.
According to Google, Web Bot Auth offers several benefits:
Future-proofing: Supporting a trusted environment where agent providers and websites can mutually verify access.
Cryptographic certainty: Transitioning from easily falsified headers to a verified identity, separate from IP addresses.
Better observability: Gaining clear insights into agent interactions with your content.
Why this matters to us: As AI agents continue to proliferate online, managing access to our sites becomes increasingly complex. This new authentication method could effectively distinguish credible AI agents from deceptive ones, ensuring the right entities access our data.
Since Web Bot Auth is still “experimental,” I’ll be keeping an eye on its development. It might just transform how we manage AI bot access in the future.
I’ve recently discovered that Google has introduced some exciting AI safety features in their Ads Advisor, which could really transform how we manage campaigns. This update promises to automate policy fixes, enhance security, and expedite certifications, all to help us run our campaigns more efficiently.
As someone who spends a lot of time tackling policy issues and managing certifications, this news is music to my ears. With advertising campaigns becoming increasingly complex, having AI handle these time-consuming tasks could significantly boost our productivity and performance.
What’s New. The latest update brings proactive troubleshooting, continuous security monitoring, and immediate certifications. Thanks to AI and Google’s Gemini capabilities, these features promise to be a real game-changer.
Zoom In:
Ads Advisor can now automatically flag and resolve policy violations before they even catch our attention. This proactive approach ensures we stay ahead of potential issues.
The new security dashboard is always on the lookout for risks such as suspicious domains or dormant users. It’s like having an ever-vigilant guard protecting our accounts 24/7.
Imagine getting certifications that used to take weeks, approved instantly with just a click. This means we can focus on strategy rather than paperwork.
How It Works. Ads Advisor proactively scans accounts and sites, offering up fixes and confirming resolutions without the need for manual intervention. On the security front, it continuously checks account health and even supports passkey use, reducing our dependency on passwords.
Why We Care. These features save us hours that were once spent fixing issues, upping our security game, and dealing with certifications. This proactive system reduces delays and risks, ultimately enhancing campaign speed and efficiency.
What to Watch. Google plans to roll out these features for English-speaking accounts over the coming months, with additional languages to follow.
As someone who frequently works with Google’s advertising tools, I know firsthand how crucial security is. Starting April 21, Google is implementing a mandatory multi-factor authentication (MFA) requirement for its Ads API. This is a significant move towards enhancing security, but it’s one that might need us to rethink our authentication workflows.
Driving the news. Google will gradually enforce mandatory MFA for the Ads API, aiming for complete roll-out just weeks after the initial date. This means we all need to be prepared.
This update directly impacts those of us generating new OAuth 2.0 refresh tokens, as it mandates a more secure authentication process.
What’s changing. We’ll now need to add another step in verifying our identity. This could be in the form of a phone prompt or an authenticator app, alongside the usual password.
Existing OAuth tokens we’re already using will stay unaffected, but for any fresh authentications, MFA will become the default requirement. If we’re not yet using two-step verification, it’s time to set it up.
Why we care. This shift influences how we manage and access our Google Ads data through various APIs and connected tools. While it undeniably enhances security and mitigates unauthorized access risks, it could also require us to adjust existing workflows, especially when generating new credentials often. Preemptive preparation can save us from potential disruptions.
Who’s affected. If your applications or workflows rely on user-based authentication, you’re in for some changes.
User authentication workflows: These will need MFA for new token setups.
Service account workflows: Thankfully, these remain untouched. They’re actually recommended for automated or offline scenarios.
The requirement isn’t limited to the API alone. We’ll also see it in tools like Google Ads Editor, Scripts, BigQuery Data Transfer, and Data Studio.
The big picture. As we lean more heavily on ad platforms for sensitive data and automation, security can’t be pushed aside. This need grows as API access proliferates across various teams, tools, and integrations.
Yes, but. While boosting security against unauthorized intrusions is welcome, we must consider the challenges it introduces. Especially for teams like ours that often create new credentials or depend on manual authentication flows.