Recent research by Truffle Security has revealed a significant security gap affecting thousands of Google Cloud API keys. Originally designed as project identifiers primarily for billing purposes, these keys are now being exploited to authenticate against sensitive Gemini API endpoints, potentially exposing private data and leading to massive unauthorized usage.
The investigation uncovered nearly 3,000 Google API keys—identifiable by their “AIza” prefix—embedded within publicly accessible client-side code on websites, commonly used for services like embedded Google Maps. When users enable the Gemini API (officially known as the Generative Language API) on their Google Cloud projects, these existing keys automatically gain access to Gemini endpoints without explicit notification or additional security measures.
Security researcher Joe Leon of Truffle Security explained the risk: with a valid key, attackers can not only access cached files and uploaded data but also abuse the language model usage, charging the victim’s account without consent. This unintentional privilege escalation occurs because Google Cloud API keys, by default, have an “Unrestricted” setting, allowing them to interact with any enabled API within the project—including Gemini.
This oversight enables attackers to scrape websites, harvest exposed API keys, and leverage them for malicious activities such as unauthorized data retrieval and quota abuse. Truffle Security’s scan identified 2,863 active keys publicly available on the internet, including keys linked to Google-owned websites.
The issue has echoes in mobile security, with Quokka’s analysis finding over 35,000 Google API keys embedded in 250,000 Android apps, highlighting the widespread nature of API key exposure risks.
Quokka emphasized that even when direct customer data is not exposed, the ability to invoke AI-powered endpoints and consume quotas creates a materially different and heightened risk landscape compared to the original purpose of these keys as mere billing identifiers.
Google has acknowledged the vulnerability and worked closely with researchers to mitigate the issue. A company spokesperson told The Hacker News that proactive measures have been implemented to detect and block leaked API keys attempting Gemini API access, reinforcing their commitment to user data and infrastructure security.
While there is no confirmed evidence of widespread exploitation, anecdotal reports on Reddit indicate some users have suffered steep unexpected charges—for example, a reported $82,314 in Google Cloud fees within two days, compared to a normal monthly spend of $180, suspected to result from stolen API keys being abused.
Users managing Google Cloud projects are strongly advised to review their API and service configurations, especially focusing on any AI-related APIs enabled. If such APIs are active and the keys are exposed publicly—whether through client-side scripts or open repositories—immediate key rotation and tighter restrictions are crucial.
Truffle Security recommends prioritizing the oldest keys for rotation, as these are more likely to have been deployed under older, less restrictive guidance and may now carry unintended Gemini API permissions.
Security experts like Tim Erlin, Wallarm’s strategist, stress that API security is dynamic. “APIs can be over-permissioned after the fact,” he noted, underscoring the importance of continuous security testing, vulnerability scanning, and anomaly detection. The rapid adoption of AI on these APIs amplifies risks, requiring organizations to monitor behavior actively and block malicious activity beyond merely identifying vulnerabilities.
As Google Cloud and AI integrations grow, this incident serves as a critical reminder that API keys—once viewed as benign billing tokens—can become significant attack vectors when coupled with expanded API functionalities.
