BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Google API Keys Expose Gemini, Data, Bills

Exposed Google Cloud API keys unlock Gemini AI access, risking data and massive bills.

  • Google Cloud API keys embedded in public website code can be abused to authenticate to Gemini AI endpoints.
  • Researchers found nearly 3,000 exposed keys and warn of risks like quota theft and access to private data.
  • A recent Reddit post detailed an instance of $82,000 in charges from a potentially stolen key.
  • Google states it has implemented measures to detect and block leaked keys attempting to access the Gemini API.

Security researchers at Truffle Security revealed in recent research that publicly accessible Google Cloud API keys can be weaponized to access sensitive Gemini AI endpoints. This critical vulnerability emerged after users enabled the Generative Language API, retroactively granting old billing keys new AI privileges. Consequently, these keys, designed for services like maps, became live credentials for AI models without warning.

- Advertisement -

The company discovered 2,863 such keys live on the public internet, according to their report. With a valid key, an attacker can access uploaded files and cached data while charging LLM usage to the victim’s account. Researcher Joe Leon emphasized that keys “now also authenticate to Gemini even though they were never intended for it.”

Meanwhile, a similar investigation by mobile security firm Quokka found over 35,000 unique Google API keys in Android apps. They warned that this “creates a risk profile that is materially different,” as detailed in their own analysis. The issue potentially allows for automated LLM requests and quota consumption, leading to massive bills.

Google has since addressed the problem, with a spokesperson confirming proactive measures are in place. However, the real-world impact may already be significant, as suggested by a user reporting exorbitant charges. Security strategist Tim Erlin noted this demonstrates how “risk is dynamic, and how APIs can be over-permissioned after the fact.”

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

- Advertisement -

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Microsoft Cuts 4,800 Jobs; Dow Hits Record High

Major U.S. stock indices rose on Monday, led by a rebound in technology and...

Saylor’s Strategy Sells $216M in Bitcoin At a Loss

Michael Saylor’s Strategy sold 3,588 BTC for $216 million, marking its first major sale...

New Linux KVM Bug Lets Guest Crash Host

A critical vulnerability dubbed 'Januscape' (CVE-2026-53359) allows a guest virtual machine to panic or...

Microsoft lays off 1,600, refocuses Xbox on AI

Microsoft is laying off approximately 1,600 Xbox employees immediately and eliminating another 1,250 roles...

China-linked hackers target Indian taxpayers via tax phishing

A suspected China-nexus cyber campaign named Operation DragonReturn is targeting Indian taxpayers and financial...

Must Read

17 Best Audiobooks On Blockchain Technology For Beginners

If you're looking to dive into the world of blockchain technology, you're in for a treat. The field is rapidly evolving and the potential...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading