Google Ads AI Automation: What the Model Can and Cannot Do
There are now two kinds of AI in your Google Ads account: the AI Google runs for you (Smart Bidding, PMax signals, automated extensions) and the AI you bring to the account (Claude, ChatGPT via SpendSignoff). They operate at different layers and on different data. Conflating them leads to bad tooling decisions.
What Google's AI does (and its ceiling)
Google's AI is optimized for one thing: winning the right auctions at the right bid to hit a CPA or ROAS target. It has access to signals you will never see — user search history, device behavior, real-time auction dynamics. Smart Bidding is genuinely good at what it does.
The ceiling is structural. Smart Bidding cannot decide that Campaign A should receive more budget than Campaign B. It cannot pause a campaign that is structurally broken. It cannot tell you that your top keyword is cannibalizing a PMax campaign. It operates within the structure you set; it does not critique the structure.
What SpendSignoff adds above that layer
SpendSignoff reads the full account structure via the Google Ads API: campaign types, budget allocation, bid strategy assignments, keyword overlap between ad groups, conversion tracking configuration, pacing curves per campaign. It then reasons about the structure and drafts corrections.
"Campaign A and Campaign C are targeting overlapping keywords in the same bid strategy, but Campaign C's daily budget is 3x Campaign A's. Google is likely allocating impressions suboptimally. Draft a budget rebalance and flag the keyword overlap for review." That is a structural observation that Smart Bidding cannot make about itself.
The two layers work together
Safe automation scope in V1
SpendSignoff issues the model mcp.read and mcp.draft scopes against the Google Ads API. The model can read any account data the API exposes. It can stage a draft for any change. It cannot apply a change without a human two-step confirm.
OAuth tokens for the Google Ads API are vaulted with KMS envelope encryption and are never returned to the model. The model sees account data, not credentials. This matters because prompt injection attacks — where a malicious ad or keyword attempts to manipulate the model — cannot extract the vault even if they influence model output.
Auditing Google Ads structure via Claude
# Ask Claude (SpendSignoff connected):
"Analyze my Google Ads account for:
1. Campaigns with overlapping keyword targets
2. Ad groups with Quality Score below 4
3. Campaigns where actual ROAS is below
the target ROAS set in the bid strategy"
# SpendSignoff returns a structured report.
# Ask it to draft corrective actions for any finding.When to use SpendSignoff vs Google's native automation
Use Smart Bidding and PMax for what Google's AI does best: auction-level bid optimization with signals you cannot access. Use SpendSignoff for structural decisions: budget allocation, campaign architecture review, cross-campaign cannibalization analysis, and the ongoing monitoring that catches problems between human login sessions.
The mistake is treating them as alternatives. They are complementary. The argument to remove Smart Bidding in favor of manual bidding because you now have SpendSignoff is wrong. Smart Bidding handles the microsecond bid decisions; SpendSignoff handles the weekly structural ones.
FAQ
- Can SpendSignoff read Performance Max campaign data?
- Yes. PMax asset groups, performance metrics, and budget allocation are readable via the API. Drafting changes to PMax asset group priorities is supported. Some PMax-specific controls (asset group signals) have API limitations we note in the documentation.
- Does SpendSignoff conflict with Google's Recommendations?
- No. Google Recommendations operate through the Ads Manager UI. SpendSignoff drafts changes through the API directly. If Google Recommendations suggest the same change the loop drafted, you will see it in both places — but neither system acts without your approval.
Connect an account read-only and watch the operator work.
Reads are free on every plan. Nothing spends without your two-step approval.
Related reading