Thousands of publicly accessible Google Cloud API keys are now at the center of a security concern after researchers found that many of them gained unintended access to Gemini endpoints once the Generative Language API was enabled in their respective projects. The discovery highlights how configuration changes inside cloud environments can quietly expand the privileges of existing credentials, exposing organizations to data access risks and unexpected billing impacts.
The findings were disclosed by Truffle Security, which identified nearly 3,000 Google API keys embedded directly in client-side code across websites. These keys, recognizable by the “AIza” prefix, are commonly used to integrate services such as Google Maps and other Google-related functionality into web pages. Traditionally treated as project identifiers for billing and basic service access, the keys were considered relatively low risk if exposed. However, security researcher Joe Leon explained that once the Gemini API is activated within a Google Cloud project, those same keys automatically gain the ability to authenticate against Gemini endpoints. According to the research, a valid key could allow an attacker to access uploaded files and cached data and to initiate large language model requests that would be billed to the affected account. The issue stems from the fact that enabling the Generative Language API extends permissions to all existing API keys in that project without a clear warning. As a result, API keys that were previously embedded in website JavaScript or stored in public repositories could suddenly function as live credentials for Gemini services.
Truffle Security reported finding 2,863 live keys exposed on the public internet, including at least one linked to a website associated with Google. The company also observed that newly generated API keys in Google Cloud default to an Unrestricted setting, meaning they can be used across all enabled APIs in a project, including Gemini. This configuration significantly broadens the attack surface. An attacker scraping websites for exposed keys could potentially leverage them to query Gemini endpoints, access the /files and /cachedContents routes, and accumulate substantial usage charges. The concern is not limited to cost abuse. Access to inference endpoints, cached prompts, and connected cloud services could widen the scope of exposure depending on how the project is configured.
A separate report by mobile security firm Quokka adds further context to the scale of the issue. In a scan of 250,000 Android applications, the company identified more than 35,000 unique Google API keys embedded within mobile apps. While not all of these keys necessarily have Gemini enabled, the research underscores how widely such credentials are distributed in public-facing code. Quokka warned that even when direct customer data is not accessible, the combination of inference capabilities, quota consumption, and potential integration with broader Google Cloud resources creates a risk profile that differs significantly from the original billing identifier model developers relied upon.
Google acknowledged the report and confirmed that it has worked with the researchers to address the matter. A company spokesperson stated that proactive measures have been implemented to detect and block leaked API keys attempting to access Gemini endpoints. It remains unclear whether the issue was exploited in active attacks. However, a Reddit user recently claimed that a stolen Google Cloud API key led to $82,314.44 in charges over two days in February 2026, compared to a typical monthly spend of $180.
Security experts are urging organizations to review their Google Cloud projects, verify which APIs are enabled, and rotate any exposed keys, particularly older ones created under previous assumptions that API keys were safe to share publicly. The incident serves as a reminder that cloud risks evolve as services expand, and continuous monitoring of API behavior and access permissions is essential to reduce exposure.
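As an added example (not code from the article, Truffle Security, Quokka or Google), the following Python script performs the review recommended above against constructed data: it scans a sample client-side bundle for keys carrying the AIza prefix, then cross-checks each project key's restriction metadata against the project's enabled services to flag keys that are both publicly embedded and able to reach the Generative Language API. Assumptions are marked in the code: the key pattern of `AIza` followed by 35 URL-safe characters, the service name `generativelanguage.googleapis.com`, and a key metadata shape modelled on the JSON output of `gcloud services api-keys list`, with the key string merged in for the example.

```python
"""Offline audit: which Google API keys in a project are exposed in client code
and able to reach the Generative Language (Gemini) API?

Added example; the sample bundle, key strings and key metadata below are all
constructed for illustration and are not real credentials.
"""
import re
from dataclasses import dataclass
from typing import Iterable

# Google API keys carry the "AIza" prefix (from the article). The 35-character
# URL-safe tail is an assumption, matching the pattern secret scanners commonly use.
GOOGLE_API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_-]{35}")

# Assumed service name of the Generative Language API as listed by
# `gcloud services list --enabled`.
GEMINI_SERVICE = "generativelanguage.googleapis.com"
MAPS_SERVICE = "maps-backend.googleapis.com"

# Constructed sample keys (39 characters each, not real).
SAMPLE_KEY_A = "AIzaSyEXAMPLE" + "0" * 26
SAMPLE_KEY_B = "AIzaSyEXAMPLE" + "1" * 26
SAMPLE_KEY_C = "AIzaSyEXAMPLE" + "2" * 26

# Constructed client-side bundle, as it would be fetched from a public website.
SAMPLE_JS = f"""
const map = new google.maps.Map(el, {{ apiKey: "{SAMPLE_KEY_A}" }});
fetch("https://example.invalid/geocode?key={SAMPLE_KEY_B}");
"""

# Constructed key metadata. Shape modelled on `gcloud services api-keys list
# --format=json` (assumption); the key string is merged in here for the example,
# in practice it comes from a separate per-key lookup. An empty "restrictions"
# object is what an Unrestricted key looks like.
SAMPLE_KEY_METADATA = [
    {"displayName": "website-maps", "keyString": SAMPLE_KEY_A, "restrictions": {}},
    {"displayName": "website-maps-restricted", "keyString": SAMPLE_KEY_B,
     "restrictions": {"apiTargets": [{"service": MAPS_SERVICE}],
                      "browserKeyRestrictions": {"allowedReferrers": ["https://example.invalid/*"]}}},
    {"displayName": "backend-unused", "keyString": SAMPLE_KEY_C, "restrictions": {}},
]

# Constructed set of enabled services: Gemini has been switched on in this project.
ENABLED_SERVICES = {MAPS_SERVICE, GEMINI_SERVICE}


@dataclass
class Finding:
    display_name: str
    key_suffix: str            # last four characters only; never log the full key
    embedded_in_client_code: bool
    reaches_gemini: bool
    risk: str


def find_embedded_keys(text: str) -> set[str]:
    """Return every AIza-prefixed key literal found in client-side source."""
    return set(GOOGLE_API_KEY_RE.findall(text))


def api_targets(meta: dict) -> list[str]:
    """Services a key is restricted to; an empty list means Unrestricted."""
    targets = meta.get("restrictions", {}).get("apiTargets", [])
    return [t["service"] for t in targets if "service" in t]


def key_can_reach(meta: dict, service: str, enabled: Iterable[str]) -> bool:
    """A key reaches a service only if the service is enabled in the project and
    the key is either Unrestricted or explicitly targets that service."""
    if service not in set(enabled):
        return False
    targets = api_targets(meta)
    return not targets or service in targets


def audit(enabled: Iterable[str], key_metadata: list[dict], client_source: str) -> list[Finding]:
    """Cross-check every project key against the exposed set and the enabled APIs."""
    exposed = find_embedded_keys(client_source)
    findings = []
    for meta in key_metadata:
        key = meta["keyString"]
        embedded = key in exposed
        reaches = key_can_reach(meta, GEMINI_SERVICE, enabled)
        if embedded and reaches:
            risk = "critical"   # public key that is live for Gemini: rotate, then restrict the replacement
        elif reaches:
            risk = "high"       # Unrestricted key silently widened by enabling Gemini
        elif embedded:
            risk = "medium"     # public but scoped to one API; still worth a referrer restriction
        else:
            risk = "low"
        findings.append(Finding(meta["displayName"], key[-4:], embedded, reaches, risk))
    order = ["critical", "high", "medium", "low"]
    return sorted(findings, key=lambda f: order.index(f.risk))


if __name__ == "__main__":
    for f in audit(ENABLED_SERVICES, SAMPLE_KEY_METADATA, SAMPLE_JS):
        print(f"{f.risk:8} {f.display_name:24} ...{f.key_suffix}  "
              f"embedded={f.embedded_in_client_code} reaches_gemini={f.reaches_gemini}")
```

In a real review the enabled-service list would come from `gcloud services list --enabled --format=json` and the key inventory from `gcloud services api-keys list --format=json` for each project; the client-source input is whatever bundles the organisation itself serves. The "high" finding is the case the article describes: a key nobody published, yet which became a live Gemini credential the moment the API was enabled, which is why the audit checks restriction metadata and not only where keys appear.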