Developer faces $82,000 in unauthorized Gemini API charges after key theft, highlighting Google's security model and widespread API key exposure problem affecting thousands.
A developer has been left reeling after discovering their company faces an $82,314.44 bill from unauthorized Google Gemini API usage, following the theft of their API key. The Mexico-based three-person startup, which typically spends $180 monthly on Google Cloud services, saw costs spike by approximately 46,000 percent over just 48 hours in February.
The incident, detailed in a Reddit post, shows how the developer's API key was compromised between February 11 and 12, with attackers using it to generate massive charges primarily through Gemini 3 Pro Image and Text services. After deleting the compromised key and taking security precautions, the developer contacted Google support only to be told that under the company's shared responsibility model, they would be held liable for the unauthorized charges.
This case appears to be part of a much larger problem. Security researchers at Truffle Security recently discovered 2,863 live Google API keys exposed across millions of websites. These keys, originally intended as project identifiers for billing, now authenticate to Gemini APIs, allowing attackers to access sensitive data and rack up charges on unsuspecting accounts.
Joe Leon, a Truffle researcher, explained the security flaw's origins: developers created API keys for services like Google Maps years ago, embedding them directly in website source code as Google's documentation instructed. When Google later enabled Gemini API access for these existing keys without clear notification, any publicly exposed key became a potential attack vector.
"You created a Maps key three years ago and embedded it in your website's source code, exactly as Google instructed," Leon wrote. "Last month, a developer on your team enabled the Gemini API for an internal prototype. Your public Maps key is now a Gemini credential. Anyone who scrapes it can access your uploaded files, cached content, and rack up your AI bill. Nobody told you."
The developer facing the $82,000 bill expressed grave concerns about their startup's survival, noting they are "barely surviving and hoping one of our products work." They worry that even if Google enforces a fraction of the charges, bankruptcy could follow.
Google initially dismissed Truffle's vulnerability report in November 2025 as "intended behavior" before reclassifying it as a bug in December after researchers provided examples from Google's own infrastructure. The company has since implemented "proactive measures to detect and block leaked API keys" but has not provided a timeline for a complete fix.
For organizations using Google Cloud services, Truffle recommends using their open-source tool TruffleHog to scan code, CI/CD pipelines, and web assets for exposed API keys. The incident highlights a broader security concern as AI capabilities are bolted onto existing platforms, expanding attack surfaces for legacy credentials in ways that were never anticipated.
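As an added illustration of the scanning step described above (this is example code written for this article, not TruffleHog or any Truffle Security code), the following Python script walks a set of source files, built assets and config files and flags anything shaped like a Google API key. It assumes the well-known key shape (the prefix `AIza` followed by 35 characters from `[A-Za-z0-9_-]`) and uses constructed, non-functional sample keys.

```python
import re
from typing import Dict, List, Tuple

# Assumed key shape: "AIza" plus 35 chars from [A-Za-z0-9_-], 39 chars in
# total. Lookarounds stop the match from absorbing neighbouring identifier
# characters, so a key inside a URL, a quoted string or an .env line still hits.
GOOGLE_API_KEY_RE = re.compile(
    r"(?<![0-9A-Za-z_\-])AIza[0-9A-Za-z_\-]{35}(?![0-9A-Za-z_\-])"
)


def find_google_api_keys(text: str) -> List[Tuple[int, str]]:
    """Return (1-based line number, key) for every Google-shaped key in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in GOOGLE_API_KEY_RE.finditer(line):
            hits.append((lineno, match.group(0)))
    return hits


def redact(key: str) -> str:
    """Keep just enough of the key to locate it in the Cloud console, never the whole value."""
    return key[:8] + "..." + key[-4:]


def scan_assets(assets: Dict[str, str]) -> List[dict]:
    """Scan a mapping of path -> contents (source, minified JS, HTML, CI config)."""
    findings = []
    for path, contents in assets.items():
        for lineno, key in find_google_api_keys(contents):
            findings.append({"path": path, "line": lineno, "key": key, "redacted": redact(key)})
    return findings


def ci_gate(assets: Dict[str, str]) -> int:
    """Exit status for a CI step: 1 when any key is found, 0 when the tree is clean."""
    findings = scan_assets(assets)
    for f in findings:
        print(f"{f['path']}:{f['line']}: Google API key {f['redacted']} committed in plain text")
    return 1 if findings else 0


# Constructed sample assets; the keys below are made up and not valid credentials.
SAMPLE_ASSETS = {
    "public/index.html": '<script src="https://maps.googleapis.com/maps/api/js?key=AIzaSyEXAMPLE_CONSTRUCTED_KEY_012345678"></script>\n',
    "dist/app.min.js": 'var cfg={mapsKey:"AIzaSyANOTHER_CONSTRUCTED_KEY_987654321"};\n',
    ".env.example": "GOOGLE_MAPS_KEY=AIzaShort  # placeholder, too short to be a real key\n",
    "README.md": "Keys live in Secret Manager, not in the repository.\n",
}

if __name__ == "__main__":
    raise SystemExit(ci_gate(SAMPLE_ASSETS))
```

A hit on a Maps key embedded in a public page is exactly the case the article describes: once the same project enables Gemini, that key can be used against the Gemini API, so the fix is to rotate it and restrict the replacement to the APIs and referrers it actually needs.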

The case raises questions about corporate responsibility when security vulnerabilities in widely used platforms lead to massive financial losses for small businesses. While Google maintains its shared responsibility model, critics argue that companies should bear some responsibility when their design decisions create systemic security risks that affect thousands of users simultaneously.
