
Is It Safe to Give AI Access to Google Ads?

Yes if you pick a server with approval gates, scoped OAuth, and a change log. The realistic risks, the controls that matter, and how to verify them.

NotFair Team

Yes — if you pick an MCP server with three controls in place: approval gates on destructive operations, OAuth scope limited to Google Ads only, and a queryable change log. Without those, the risk is the same as giving keyboard access to a junior media buyer who doesn't ask before pressing buttons. With them, it's lower risk than most agencies' existing access models.

What can actually go wrong?

  • Misinterpreted instructions: "pause underperforming campaigns" can mean different things. A model without context might pause a brand-defense campaign that's intentionally low-CTR.
  • Bulk operations on the wrong scope: "add 'free' as a negative" applied to all campaigns when you meant only search.
  • Over-aggressive bid changes: a 40% bid increase based on a one-day conversion spike that turns out to be a tracking glitch.
  • Prompt injection: if your AI client is also reading external content (search terms can carry strange characters), an attacker could try to embed instructions. Real risk; mostly mitigated by the MCP server requiring confirmation.

Note what's not on this list: data exfiltration, password theft, billing fraud. Those would require the MCP server to have credentials it shouldn't have. Properly scoped OAuth eliminates them.

The three controls that matter

1. Approval gates on destructive writes

Pausing campaigns, deleting assets, and budget changes should require explicit confirmation in your AI client before the MCP server executes them. NotFair enforces this server-side. Verify the server you're using does the same.

2. OAuth scope limited to Google Ads

When you grant access, Google should only request the Google Ads scope — not Gmail, Drive, calendar, or full account access. You can verify which scopes are granted at myaccount.google.com/permissions, and revoke them in 5 seconds if anything looks wrong.

3. Change log with rollback

Every write should be logged with the change ID, the tool called, and the timestamp. "What did Claude change in my account this week?" should be a one-query answer. If something goes wrong, you should be able to undo any individual change in one call.

Reasonable starting posture

  • Connect with a read-only mindset for the first two weeks: let AI audit and recommend, you execute manually.
  • Graduate to low-risk writes: pausing keywords with zero conversions, adding obvious negatives, ad copy refreshes.
  • Keep approval gates on bid strategy switches, budget changes, and campaign state changes for at least 30 days.
  • Review the change log weekly. Build trust based on observed quality, not promises.
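As an added example (not NotFair's code and not the Google Ads API), here is a minimal in-memory tool dispatcher that implements the three controls described above and the rollout posture just listed: a server-side approval gate on destructive tools, a startup check that the granted OAuth scopes contain nothing beyond Google Ads, and a change log that answers "what changed since X?" and undoes one change by id. `FakeAdsAccount`, the tool names, `ChangeRecord` and the `gated_tools` set are constructed for illustration; the one real identifier is the Google Ads API scope URL `https://www.googleapis.com/auth/adwords`. Widening or narrowing `gated_tools` over the first 30 days is how the posture above would be expressed in this model.

```python
# Added example (not NotFair's code): an in-memory tool dispatcher applying the
# three controls. Google Ads itself is replaced by a constructed FakeAdsAccount.
from dataclasses import dataclass
from datetime import datetime, timezone
import uuid

# The only OAuth scope a Google Ads MCP server should need (real Google scope URL).
GOOGLE_ADS_SCOPE = "https://www.googleapis.com/auth/adwords"

# Hypothetical tool names that change account state and therefore require approval.
DEFAULT_GATED_TOOLS = frozenset({"pause_campaign", "set_budget"})


class ScopeViolation(Exception):
    """Raised when the granted OAuth scopes exceed Google Ads."""


class ApprovalRequired(Exception):
    """Raised when a destructive tool is called without explicit confirmation."""


@dataclass
class ChangeRecord:
    change_id: str
    tool: str
    args: dict
    previous: dict          # state before the write, enough to undo it
    timestamp: str
    rolled_back: bool = False


class FakeAdsAccount:
    """Constructed stand-in for a Google Ads account (campaign name -> fields)."""

    def __init__(self):
        self.campaigns = {
            "brand-defense": {"status": "ENABLED", "budget": 50.0},
            "generic-search": {"status": "ENABLED", "budget": 200.0},
        }


class AdsToolServer:
    def __init__(self, account, granted_scopes, gated_tools=DEFAULT_GATED_TOOLS):
        # Control 2: refuse to start if the token carries anything beyond Google Ads.
        extra = set(granted_scopes) - {GOOGLE_ADS_SCOPE}
        if extra:
            raise ScopeViolation(f"token carries scopes outside Google Ads: {sorted(extra)}")
        self.account = account
        self.gated_tools = set(gated_tools)
        self.log = []  # Control 3: every write is appended here

    def call(self, tool, args, approved=False):
        """Dispatch a tool call; gated tools need approved=True from the client."""
        handler = getattr(self, f"_tool_{tool}", None)
        if handler is None:
            raise ValueError(f"unknown tool {tool!r}")
        # Control 1: the gate is enforced server-side, not left to the model.
        if tool in self.gated_tools and not approved:
            raise ApprovalRequired(f"{tool} with {args} requires explicit confirmation")
        return handler(args)

    # Read-only tool: no gate, no log entry.
    def _tool_list_campaigns(self, args):
        return {name: dict(c) for name, c in self.account.campaigns.items()}

    # Write tools: snapshot previous state, mutate, log.
    def _tool_pause_campaign(self, args):
        campaign = self.account.campaigns[args["campaign"]]
        previous = {"status": campaign["status"]}
        campaign["status"] = "PAUSED"
        return self._record("pause_campaign", args, previous)

    def _tool_set_budget(self, args):
        campaign = self.account.campaigns[args["campaign"]]
        previous = {"budget": campaign["budget"]}
        campaign["budget"] = float(args["budget"])
        return self._record("set_budget", args, previous)

    def _record(self, tool, args, previous):
        record = ChangeRecord(
            change_id=str(uuid.uuid4()),
            tool=tool,
            args=dict(args),
            previous=previous,
            timestamp=datetime.now(timezone.utc).isoformat(),
        )
        self.log.append(record)
        return record.change_id

    def changes_since(self, iso_timestamp):
        """Answer 'what changed since <time>?' with one query over the log."""
        return [r for r in self.log if r.timestamp >= iso_timestamp]

    def rollback(self, change_id):
        """Undo one individual change by restoring its snapshot."""
        record = next((r for r in self.log if r.change_id == change_id), None)
        if record is None or record.rolled_back:
            raise ValueError(f"no undoable change {change_id!r}")
        self.account.campaigns[record.args["campaign"]].update(record.previous)
        record.rolled_back = True
        return record
```

The point of the structure: `approved` is a parameter the client must pass after showing the user the exact tool and arguments, so a model cannot talk its way past the gate, and the scope check runs once at startup so a token that also carries Gmail or Drive access never reaches a tool handler. The `previous` snapshot is what makes "undo any individual change in one call" possible without re-reading the account.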


FAQ

Common questions about Model Context Protocol.

Can the AI server see my credit card or billing details?

No. Google Ads API scope does not include billing methods, payment info, or invoices. Those are accessible only through the Google Ads UI with full account access.

Can the AI access my Gmail or Drive?

No, if the OAuth scope is correctly limited to Google Ads. Verify at myaccount.google.com/permissions — the server should only request "See, edit, create, and delete your Google Ads accounts and data," nothing more.

What happens if my Google account is compromised?

Same as any OAuth integration — the attacker would inherit the existing scope. Revoke access immediately at myaccount.google.com/permissions, change your Google password, and review the MCP server's change log for unauthorized writes.

Should I trust a hosted MCP server with my Google Ads auth?

Conditional yes. The auth token sits on the server; that's the threat surface. Pick a server with public security practices, scoped OAuth, and a clear data-handling policy. NotFair stores auth state encrypted at rest and never accesses your account except in response to your tool calls.

Is self-hosting safer?

On paper, yes — you control where the auth token lives. In practice, it's only safer if you operate your infrastructure to the same standard. Most teams underestimate the work involved. For most users, a well-run hosted server is safer than a self-hosted one with default settings.