New research reveals that Google Cloud API keys embedded in client-side code have gained unauthorized access to Gemini endpoints, exposing sensitive data and enabling attackers to rack up massive charges.
New research has uncovered a critical security issue affecting thousands of Google Cloud API keys that were inadvertently granted access to Gemini AI endpoints after API enablement. The findings from Truffle Security reveal how seemingly benign API keys used for basic billing identification have become potential vectors for data theft and financial exploitation.
The Hidden Risk in Public API Keys
Google Cloud API keys, typically identified by the "AIza" prefix, are commonly embedded in client-side code to enable services like embedded maps on websites. These keys were originally designed as project identifiers for billing purposes and were considered safe to share publicly. However, security researcher Joe Leon discovered that once the Gemini API is enabled on a Google Cloud project, these existing API keys gain unauthorized access to sensitive Gemini endpoints.
The problem stems from how Google Cloud handles API key permissions. When users enable the Generative Language API (Gemini), all existing API keys in that project automatically gain access to Gemini endpoints without any warning or notification. This creates a situation where keys deployed years ago as simple billing tokens now serve as live Gemini credentials accessible on the public internet.
How Attackers Can Exploit These Keys
With a valid API key, attackers can access uploaded files, cached data, and charge LLM usage to the victim's account. The research team found that these keys can be used to access sensitive files via the /files and /cachedContents endpoints, as well as make Gemini API calls. This opens the door to several attack scenarios:
- Quota theft: Attackers can consume the victim's API quota for their own purposes
- Data access: Sensitive files and cached content become accessible
- Financial exploitation: Attackers can rack up massive charges on the victim's account
Truffle Security identified 2,863 live API keys accessible on the public internet, including one associated with Google itself. The company also found that creating new API keys in Google Cloud defaults to "Unrestricted" status, meaning they're applicable for every enabled API in the project, including Gemini.
Scale of the Problem
The issue extends beyond web applications. Mobile security company Quokka published a similar report, finding over 35,000 unique Google API keys embedded in its scan of 250,000 Android apps. This suggests the problem is widespread across both web and mobile platforms.
"Beyond potential cost abuse through automated LLM requests, organizations must also consider how AI-enabled endpoints might interact with prompts, generated content, or connected cloud services in ways that expand the blast radius of a compromised key," Quokka warned.
Google's Response and Mitigation Steps
Google has acknowledged the issue and implemented proactive measures to detect and block leaked API keys attempting to access the Gemini API. However, the company initially deemed the behavior as intended before stepping in to address the problem.
For organizations affected by this issue, Truffle Security recommends several immediate actions:
- Audit your Google Cloud projects: Check APIs and services to verify if AI-related APIs are enabled
- Rotate exposed keys: If keys are publicly accessible (in client-side JavaScript or public repositories), rotate them immediately
- Prioritize oldest keys: Start with your oldest keys first, as they're most likely to have been deployed publicly under old guidance
- Implement key restrictions: Configure API keys to restrict access to specific services and IP addresses
The Broader Security Implications
The incident highlights a fundamental challenge in API security: the dynamic nature of risk. As Tim Erlin, security strategist at Wallarm, noted, "This is a great example of how risk is dynamic, and how APIs can be over-permissioned after the fact."
Erlin emphasizes that traditional security approaches focusing solely on vulnerability detection are insufficient for modern API environments. Organizations need to:
- Profile API behavior and data access patterns
- Identify anomalies in API usage
- Actively block malicious activity
- Implement continuous security testing and vulnerability scanning
The adoption of AI and machine learning services only accelerates these challenges, as new capabilities can be added to existing infrastructure without corresponding security updates.
Real-World Impact
While it's currently unknown if this issue was exploited in the wild, a Reddit user recently reported that a "stolen" Google Cloud API key resulted in $82,314.44 in charges between February 11 and 12, 2026, up from a regular spend of $180 per month. This dramatic increase demonstrates the potential financial impact of API key compromise.
The discovery serves as a wake-up call for organizations using cloud services, highlighting the need for proactive API security measures and the importance of understanding how seemingly minor configuration changes can dramatically expand the attack surface of existing infrastructure.
Comments
Please log in or register to join the discussion