SerpApi filed a federal lawsuit on January 20, 2026, against former contractor Zilvinas Kucinskas and his company SearchApi LLC, alleging systematic theft of proprietary technology worth tens of millions of dollars. The complaint filed in the United States District Court for the Western District of Texas paints a detailed picture of corporate espionage involving unauthorized server access, stolen customer lists, and copied source code that enabled a competitor to replicate eight years of development work in mere months.

The 13-page complaint names Kucinskas, a Lithuanian national who worked as a Senior Software Engineer at the Austin-based company from July 2020 to July 2021, and his Wyoming-based SearchApi LLC. According to court documents, Kucinskas improperly retained SerpApi's source code after his departure, repeatedly accessed the company's New Jersey-based MongoDB server 29 times between June 2022 and September 2023, and downloaded confidential customer lists just 11 days before leaving the company.

serpapi-v-searchapi-complaint
serpapi-v-searchapi-complaint.pdf
5 MB
download-circle

SerpApi General Counsel Chad Anson announced the lawsuit through a blog post on January 21, 2026, stating that Kucinskas "exploited his access to SerpApi's proprietary information to pilfer the company's intellectual property." The complaint seeks damages for breach of contract, copyright infringement under the Copyright Act, trade secret misappropriation under both the Defend Trade Secrets Act and Texas Uniform Trade Secrets Act, and violations of the Computer Fraud and Abuse Act.

The forensic evidence trail

According to a forensic investigation conducted by expert M. Schroeder, extensive evidence of allegedly unauthorized access was uncovered. The declaration attached to the complaint reveals that Kucinskas allegedly accessed SerpApi's Stripe payment processing platform on July 12, 2021 - just 11 days before his departure - and allegedly downloaded the company's customer list. According to the complaint, nothing in his technical and engineering role required this marketing and financial information. The forensic evidence shows he allegedly continued accessing Stripe three more times after leaving: August 2, 2021; November 9, 2021; and June 7, 2022, nearly a year after his departure.

The MongoDB server access provides particularly compelling evidence according to SerpApi's allegations. The complaint states that Kucinskas allegedly used at least two known IP addresses (196.240.54.21 and 78.61.206.75) from Lithuania and Latvia to connect to SerpApi's production server. According to the forensic investigation, these exact IP addresses had previously been used to log in to his Stripe account, establishing a clear connection between the allegedly unauthorized access and Kucinskas himself. The server allegedly contained a live, continuously updated copy of all SerpApi's production collections and test data, including raw data from engineering tests.

Each connection to the MongoDB server contains a "fingerprint" through a driver line that, according to SerpApi's complaint, demonstrates SerpApi's codebase was retained on Kucinskas's computer for years after his departure. When an engineer launches an instance of SerpApi's codebase and tries to read or write data, a connection is made to the MongoDB server. According to the lawsuit, the repeated connections prove Kucinskas retained and actively used the allegedly stolen code.

The forensic investigation identified three additional IP addresses that allegedly belonged to Kucinskas during the 2022-2023 period, suggesting according to the complaint that the unauthorized access extended beyond the documented 29 instances. Upon information and belief, according to the lawsuit, Kucinskas accessed the server using test and production backup credentials to which he had access while working for SerpApi but was required to return upon termination.

The development timeline doesn't add up

SerpApi was founded in Austin in 2017 and began working with its first customer in November 2017. Over eight years, with 10 to 30 full-time engineers at any given time, the company invested $47 million in development costs to build its proprietary web scraping tools. These tools transform raw HTML results from search engines into structured data sets, establishing SerpApi as what industry publications call "the best web scraping tool for search engine results."

The Playground tool alone cost almost $10 million and required four full-time engineers to develop. Approximately 20 percent of all SerpApi's resources have gone to and continue to go to the Playground tool's creation, maintenance, and improvement. This tool allows users to test search queries and immediately review corresponding output in JSON-formatted results.

SearchApi was formed as a new company in July 2022. By May 31, 2023 - less than a year later - SearchApi offered an "all-in-one platform" mirroring SerpApi's comprehensive product suite. According to SerpApi's complaint, what took SerpApi eight years, up to 30 engineers, and millions of dollars to build, SearchApi purportedly replicated in months with, on information and belief, only five employees.

However, earlier versions of the SearchApi.io domain suggest the company may have been serving customers much earlier than publicly disclosed. A screenshot from March 26, 2023, contains an alleged testimonial from Judith Black, CEO at DataInsights, claiming "I have been using SearchAPI for over a year" - meaning since at least March 2022, before SearchApi was formally organized in July 2022.

This lightning-speed development is highly unusual according to the complaint, particularly given the similarities between SearchApi's products and SerpApi's products coupled with the documented allegedly improper retention and access to SerpApi's server, systems, and source code. According to the lawsuit, the timeline defies explanation other than that Kucinskas allegedly stole and copied SerpApi's proprietary code and other intellectual property.

The smoking guns in the code

The complaint details extensive similarities between SerpApi's and SearchApi's products that point to direct copying rather than independent development. One particularly damning piece of evidence involves the replication of a bug in SerpApi's code. SerpApi's Account API contains a programming error that allows the calculation of negative search credits on a user's account. SearchApi's user interface similarly calculates and displays negative remaining search credits. The complaint states that "the most probable reason it would appear in another entity's code would be from copying SerpApi's backend code."

Both platforms also share the same default hourly rate limit value of 200000. Notably, Kucinskas worked on this specific code during his time as a contractor at SerpApi.

The Playground tools demonstrate near-identical design choices according to SerpApi's allegations. SerpApi first developed its Playground in October 2017, featuring search results on the left and JSON-formatted results on the right. By May 2023, according to the complaint, SearchApi offered the same feature with an identical layout. A simple search for "coffee" in both tools reveals that multiple response field names are identical and appear in the same order.

JSON files structure data in specific formats, and for two different companies to format their JSON files with the same response field names in the same order without copying is highly unlikely. The complaint provides detailed comparisons showing that response fields including "position," "title," "link," "displayed link," "snippet," "snippet_highlighted_words," "sitelinks," and "inline" appear in identical order with identical names.

The similarities extend beyond the Playground tool to full API JSON responses. A Google Flights search for flights from Beijing to Austin with a connection in San Francisco demonstrates that both platforms organize "best_flights," "flights," "departure_airport," "name," "id," "arrival_airport," "duration," "airplane," "airline," "airline_logo," "travel_class," "flight_number," and "extensions" response fields in the same order with the same names.

The website copying extends to documentation structure

According to the complaint, at least 48 different URL fragments from SerpApi's website appear as identical fragments on SearchApi's domain. URL fragments are created by website designers as part of full URLs, allowing browsers to navigate directly to particular sections within web pages. These 48 fragments are allegedly used 666 times across SearchApi's website. The fragment "#api-examples" alone allegedly appears 73 times on SearchApi's site.

According to the lawsuit, to have large portions of two websites with overlapping URL fragments - structural documentation components deeply embedded within the layout and code of multiple webpages - would be unusual absent copying. The underlying API documentation on SearchApi's website appears according to SerpApi's allegations to have been copied from SerpApi's website, with parameters from the same URL fragments showing almost verbatim identical descriptions.

According to SerpApi's allegations, the copying wasn't limited to backend code and documentation. The complaint states that SearchApi allegedly copied frontend, public-facing text displayed on its website, including SerpApi's "Easy Integration" section, its unique "US Legal Shield" logo and text, and the names and layout of its pricing plans. According to the lawsuit, these examples represent just the tip of the iceberg, with the alleged access to SerpApi's code paired with instances of allegedly identical or near-identical backend code, frontend code, and programming bugs demonstrating that the alleged theft runs much deeper and includes all of SerpApi's copyrighted source code, including trade secrets embodied therein.

The contractual obligations Kucinskas allegedly violated

On July 22, 2020, when Kucinskas was hired as a condition of his employment, he entered into a confidentiality agreement with SerpApi. The Independent Contractor Agreement was supported by valuable consideration - payment for his services in exchange for maintaining confidentiality. Pursuant to the agreement, Kucinskas explicitly promised to "(i) hold all Confidential Information in strictest confidence; (ii) not use any Confidential Information except to benefit [SerpApi] or its customer; and (iii) not disclose any Confidential Information to any person or entity without the written consent of [SerpApi]."

The contract included a choice of forum clause stating that "[a]ny claim arising under this Agreement shall be brought in the courts of the State of Texas." This provision forms the basis for the court's jurisdiction over Kucinskas despite his Lithuanian residence. The agreement's confidentiality obligations extended both during and after the contractual relationship.

SerpApi implements extensive security measures to protect its trade secrets. The company requires every employee and contractor to sign a confidentiality agreement as a condition of employment. Upon departure, SerpApi conducts exit interviews reminding employees and contractors of their confidentiality obligations. The company tracks termination of access on GitHub and uses database exchange and collaboration systems that allow setting permissions and tracking who made what change and when.

Permissions to SerpApi's source code, documents, and other confidential materials are granted restrictively - employees and contractors receive access to confidential and trade secret information only on a need-to-know basis. SerpApi uses passwords and encryption to protect its servers and repositories, limits distribution of confidential information to key employees and contractors, and provides written policies emphasizing duties to maintain secrecy.

The company maintains an internal security wiki that includes security tips for employees and contractors, each of whom is explicitly required to read the wiki as part of their onboarding process. The wiki confirms that remote users may not copy data to remote non-corporate devices when using remote terminal services. It also specifies SerpApi's process for requesting and approving access to systems, with access provisioned according to the principle of least privilege and user access rights reviewed periodically.

SerpApi uses Mobile Device Management systems and Endpoint Detection and Response systems to enforce security policies that protect its trade secrets. Despite these comprehensive measures, Kucinskas allegedly circumvented protections by improperly retaining credentials that allowed continued access to production systems.

When confronted, defendants feigned ignorance

According to the complaint, despite months of correspondence between SerpApi and the defendants explaining the alleged trade secret misappropriation and copyright infringement as well as Kucinskas's alleged breach of contract, the defendants continue to feign ignorance despite the evidence. SerpApi's allegations state that the company attempted to resolve the dispute through discussions by providing evidence of how and what information was allegedly taken, but Kucinskas allegedly stonewalled the investigation.

According to the complaint, when confronted about the allegedly unauthorized server access and alleged code copying, Kucinskas allegedly refused to cooperate despite multiple attempts to resolve the matter directly. According to SerpApi's allegations, despite multiple requests to allow an independent forensic investigator to review and investigate exactly what and how much information was allegedly stolen, the defendants declined to participate in the investigation. This refusal allegedly left SerpApi unable to ascertain the full extent of the alleged theft and copying because the company does not have access to SearchApi's code.

The complaint notes that based on SerpApi's subsequent investigation and alleged facts described - allegedly improper retention and access, rapid development, minimal resources, and near-identical products - the defendants' alleged theft and misappropriation are allegedly rampant. According to the lawsuit, the examples provided in the complaint are evidence that the alleged theft and copying run much deeper because they are identical individually and because of the cumulative similarity across SearchApi's website and products to SerpApi's.

The lawsuit brings multiple claims across federal and state law. The breach of contract claim against Kucinskas stems from violations of his Independent Contractor Agreement's confidentiality provisions. The copyright infringement claim under 17 U.S.C. § 101 et seq. targets both defendants, noting that SerpApi registered its computer program with the U.S. Copyright Office as Copyright Registration No. TXu002515424.

The trade secret misappropriation claims proceed under both federal law through the Defend Trade Secrets Act (18 U.S.C. § 1836 et seq.) and Texas state law through the Texas Uniform Trade Secrets Act (Tex. Civ. Prac. & Rem. Code § 134A et seq.). SerpApi's trade secrets include confidential source code and documentation, including proprietary backend and frontend code used to scrape search engine results and reformat those results in uniformly formatted JSON files. The company also maintains confidential customer lists as trade secrets, including customers SerpApi does not publicly identify for competitive purposes.

The Computer Fraud and Abuse Act claim (18 U.S.C. § 1030 et seq.) addresses the unauthorized access to SerpApi's protected computer systems, including the MongoDB server and Stripe account. The statute provides for both civil and criminal penalties for accessing protected computers without authorization or exceeding authorized access.

The complaint seeks unspecified damages but notes that SerpApi's trade secrets are foundational to its success as a business and include significant, highly confidential materials developed over nearly a decade with tens of millions of dollars in financial investment and resources. The company currently serves thousands of monthly subscribers, and the value of its trade secrets can be attributed to the confidential nature that differentiates it from competitors in the field.

Upon information and belief, according to the complaint, the defendants have allegedly used and allegedly continue to use SerpApi's customer list to solicit SerpApi's customers to use SearchApi's allegedly copycat products and services. According to the lawsuit, SearchApi offers products and tools over the Internet that are available in the United States, and upon information and belief, SearchApi has United States-based customers of these products and tools.

The broader irony: Google versus everyone else

The timing of SerpApi's lawsuit creates a remarkable irony in the web scraping ecosystem. Google filed a lawsuit against SerpApi on December 19, 2025, alleging violations of the Digital Millennium Copyright Act by circumventing SearchGuard technological protection measures to scrape copyrighted content from Google Search results.

Google's 13-page complaint sought statutory damages ranging from $200 to $2,500 for each circumvention act. Given that SerpApi processes hundreds of millions of automated search requests daily, the potential liability extended into astronomical territory relative to the company's reported annual revenue of a few million dollars. That lawsuit represented the second major legal action against SerpApi in 2025, following Reddit's October 22, 2025, lawsuit that also named SerpApi along with Oxylabs, AWMProxy, and Perplexity AI for circumventing security measures.

Now SerpApi finds itself in the position of protecting its own intellectual property from what it characterizes as theft by a former contractor. The company that Google accused of systematically stealing search results now accuses its own former employee of systematically stealing proprietary code. The lawsuit creates striking parallels to events from February 2014, when Matt Cutts, then Google's head of web spam, publicly requested examples of scraper sites outranking original content. Dan Barker, a search marketing professional, responded by highlighting Google's own Knowledge Panels that displayed content scraped from Wikipedia with nearly identical text and formatting.

Google's own crawling operations dwarf SerpApi's scale by orders of magnitude, accessing virtually every publicly available web page to power search services and train AI models that increasingly keep users within Google's ecosystem rather than directing them to publisher websites. Google scrapes billions of web pages across the internet for artificial intelligence training and search indexing without direct compensation to content creators, yet demands legal protection against companies that scrape its search results pages.

The web scraping controversy unfolds amid broader industry tensions over content access and AI training data. Penske Media Corporation filed an antitrust lawsuit against Google on September 12, 2025, alleging the search giant coerces publishers into providing content for AI systems without compensation while simultaneously reducing website traffic that publishers depend on for revenue generation. That 101-page complaint examined how Google's AI products - including Bard, Gemini, Search Generative Experience, AI Overviews, and AI Mode - rely on large language models trained on massive text corpuses often obtained without explicit permission.

The competing lawsuits illustrate the complex ecosystem of data access, where companies operate simultaneously as data sources, data collectors, and intellectual property protectors. Google eliminated its n=100 SERP parameter on September 14, 2025, fundamentally transforming how SEO platforms access search result data by forcing 10 separate requests instead of a single request to retrieve 100 search results. This change multiplied operational costs by a factor of 10 for businesses dependent on comprehensive search result analysis - businesses like SerpApi that provide data access services to marketing professionals.

SEO tools including Semrush confirmed significant operational impact from the parameter elimination, acknowledging the modification forced dramatic cost increases for platforms that help businesses monitor search performance. The timing suggests Google's motivation extended beyond technical optimization to include protecting its search infrastructure from automated data collection - the same infrastructure that Google uses to collect data from across the internet.

The industry-wide battle over data access intensified throughout 2025. Publishers rallied against AI scraping at an IAB Tech Lab summit during the week of July 30, 2025, with over 80 media executives gathering to address what many consider an existential threat to digital publishing. Mediavine Chief Revenue Officer Amanda Martin joined representatives from Google, Meta, and numerous other industry leaders in confronting AI companies that scrape publisher content without consent or compensation.

Over 35 percent of top websites now block OpenAI's GPTBot, according to industry tracking. HUMAN Security documented 107 percent year-over-year increases in scraping attacks, highlighting the scale of unauthorized content extraction. The resistance extends beyond blocking crawlers, with publishers implementing sophisticated detection systems to identify AI-generated content and protect their platforms from low-quality mass-produced material.

SerpApi now finds itself caught in the middle of these competing interests. The company faces legal liability for scraping Google's search results while simultaneously pursuing legal remedies for the alleged theft of its own scraping technology. Kucinskas told SerpApi he was leaving in 2021 to work on cryptocurrency. Public resources suggest that during this time he was primarily living and working in London as the founder of ExportData.io, a software platform that purports to specialize in Twitter data extraction.

SerpApi discovered in June 2025 that Kucinskas was the CEO of SearchApi via a picture attached to a SearchApi email address, which was deleted shortly after SerpApi's discovery. Kucinskas's attorney later confirmed that he serves as SearchApi's CEO. The complaint notes that while defendants continue to modify their website in an attempt to create surface-level differences between SerpApi's products and SearchApi's products, these superficial changes do not change the fact that SearchApi made extensive use of SerpApi's proprietary and copyrighted technology to build its products, tools, and website.

What this means for the marketing industry

The case highlights vulnerabilities that technology companies face from insider threats. According to SerpApi's allegations, despite comprehensive security measures including confidentiality agreements, exit interviews, access controls, and monitoring systems, a determined former contractor with technical expertise allegedly circumvented protections through retained credentials and knowledge of system architecture.

The litigation demonstrates the challenges of protecting valuable trade secrets in an industry where talent mobility is high and technical employees require extensive access to proprietary systems to perform their roles. The alleged behavior described in the complaint - allegedly retaining credentials, allegedly accessing production systems after departure, and allegedly downloading customer lists - represents a roadmap of actions that security teams must defend against.

For marketing professionals who rely on SEO tools and data access platforms, the case raises questions about the sustainability of services built on scraping technologies. SerpApi positions itself as providing "structured access to public data at enterprise scale," yet faces legal challenges from Google for how it accesses that public data. The company's own lawsuit against SearchApi argues that its methods for structuring and presenting that data constitute protectable intellectual property.

The broader context includes Google's AI Mode now counting toward Search Console totals as of June 17, 2025, affecting how website owners monitor traffic from enhanced search experiences. AI Overviews have demonstrated reduced organic click-through rates by 34.5 percent, according to analysis examining 300,000 keywords comparing performance before and after implementation.

The transformation of search through AI features creates both opportunities and challenges for marketing professionals. Google reported 65 percent year-over-year growth in visual searches as AI Mode drives multimodal adoption, fundamentally changing how users interact with search interfaces. AI Mode access directly from search results pages began testing on December 1, 2025, eliminating friction between AI Overviews and conversational search.

These developments occur as Google Discover dominates news traffic, accounting for two-thirds of Google referrals to news and media websites according to research published August 7, 2025. Traditional search traffic dropped from approximately 16 percent to 10 percent of total referrals during the period analyzed, with the inflection point occurring in late October 2024, coinciding with Google's AI Overviews rollout across more than 100 countries.

The competing pressures - platforms protecting their data from scraping while simultaneously scraping content across the web - create an unsustainable dynamic that courts will likely continue addressing through litigation. The fundamental question remains unresolved: who owns the right to access, structure, and monetize publicly available data on the internet?

SerpApi's case against SearchApi may provide some answers to narrower questions about trade secret protection and contractual obligations. According to the complaint, the alleged evidence of unauthorized server access, allegedly copied bugs, and allegedly identical JSON formatting structures presents what SerpApi characterizes as a compelling narrative of theft rather than independent development. Whether courts will find the evidence sufficient to support damages in the tens of millions of dollars remains to be seen.

For now, SerpApi pursues its claims in Texas federal court while defending against Google's lawsuit in California federal court, embodying the contradictions of an industry built on accessing, processing, and reselling data in an ecosystem where the boundaries of permissible use remain contested and unclear.

Timeline

Summary

Who: SerpApi LLC, an Austin-based web scraping platform founded in 2017, filed suit against Zilvinas Kucinskas, a Lithuanian national and former Senior Software Engineer who worked for the company from July 2020 to July 2021, and his Wyoming-based company SearchApi LLC, where he serves as CEO.

What: The lawsuit alleges systematic theft of proprietary technology including source code, trade secrets, and customer lists through unauthorized retention of credentials, 29 documented instances of improper MongoDB server access between June 2022 and September 2023, and downloading confidential customer lists just 11 days before departure. The complaint brings claims for breach of contract, copyright infringement, trade secret misappropriation under federal and state law, and violations of the Computer Fraud and Abuse Act.

When: Kucinskas worked for SerpApi from July 22, 2020, to July 23, 2021, but allegedly continued accessing company systems through June 2022 for Stripe and through September 2023 for MongoDB servers. SearchApi was formally organized in July 2022 and began offering competing services mirroring SerpApi's platform by May 2023. SerpApi filed the lawsuit on January 20, 2026, in the United States District Court for the Western District of Texas, Austin Division, as Case No. 1:26-CV-00143.

Where: The case was filed in Austin, Texas, where SerpApi is headquartered at 5540 N. Lamar Blvd. #12. The unauthorized server access targeted SerpApi's MongoDB production server located in New Jersey, with connections originating from IP addresses in Lithuania and Latvia where Kucinskas was located. SearchApi lists its principal place of business at 447 Broadway, 2nd Floor, 376, New York, NY 10013, though it is registered as a Wyoming LLC.

Why: SerpApi invested $47 million over eight years with teams of 10 to 30 engineers to develop its proprietary web scraping and data compilation tools, establishing itself as an industry leader. The alleged theft enabled SearchApi to replicate this work in months with only five employees, creating a direct competitor using stolen intellectual property. The lawsuit seeks to protect SerpApi's investment, protect its customers, hold Kucinskas accountable, and reinforce security and trust. The case occurs amid broader industry tensions over data access rights, with Google suing SerpApi for scraping search results while SerpApi simultaneously defends its own intellectual property against alleged theft by a former contractor.

Share this article
The link has been copied!