Overview
- Truffle Security reported 2,863 live Google API keys embedded in public code that can authenticate to Gemini, including some tied to major firms and at least one Google site, and Quokka separately found over 35,000 unique keys in a scan of Android apps.
- The exposure stems from legacy AIza-format keys, long treated as non-secret identifiers, gaining authentication privileges once the Generative Language API is enabled on their project; new Cloud keys also default to unrestricted use across every enabled service.
- Google acknowledged the issue, classified it as a single-service privilege escalation, and says it now detects and blocks leaked keys from accessing Gemini, with new AI Studio keys defaulting to Gemini-only scope and proactive leak notifications.
- Researchers warn the keys can be abused to access Gemini endpoints such as files and cached contents and to run up billable LLM usage, with one Reddit user alleging more than $82,000 in charges over two days, a claim not independently verified.
- Security guidance urges teams to audit projects for the Generative Language API, check key restrictions in GCP, rotate any exposed credentials, shift Gemini calls to backends, monitor billing and usage logs, and use detection tools like TruffleHog.
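The two checks that guidance boils down to, scanning your own code for AIza-format strings and reviewing which keys in a project are unrestricted or allowed to reach the Generative Language API, are shown below as an added example; this is not code from the reporting, from TruffleHog, or from Google. The regex assumes the common AIza key shape (the literal prefix plus 35 URL-safe characters), the sample files and keys are constructed for this example, and the key-record shape is assumed to follow what `gcloud services api-keys list --format=json` emits (a `restrictions.apiTargets[].service` list); adjust the loader if your export differs.

```python
import re

# Assumed shape of a legacy Google API key: "AIza" followed by 35 URL-safe
# characters (39 characters total). Treat matches as candidates to verify,
# not as confirmed live keys.
AIZA_KEY_RE = re.compile(r"AIza[0-9A-Za-z_-]{35}")

# Service name of the Generative Language (Gemini) API.
GEMINI_SERVICE = "generativelanguage.googleapis.com"


def redact(key):
    """Keep only the prefix and last four characters so findings can be logged safely."""
    return key[:4] + "..." + key[-4:]


def scan_files(files):
    """files: mapping of path -> file text.
    Returns a list of (path, line_number, redacted_key) for every AIza-format match."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for key in AIZA_KEY_RE.findall(line):
                findings.append((path, lineno, redact(key)))
    return findings


def audit_key_restrictions(key_record):
    """Classify one API key record by its API restrictions.

    UNRESTRICTED   - no apiTargets, so the key works against every enabled service
                     (Gemini included once the Generative Language API is on).
    GEMINI_ALLOWED - explicitly scoped to include the Generative Language API.
    RESTRICTED     - scoped to other services only.
    """
    restrictions = key_record.get("restrictions") or {}
    targets = [t.get("service") for t in restrictions.get("apiTargets", [])]
    if not targets:
        return "UNRESTRICTED"
    if GEMINI_SERVICE in targets:
        return "GEMINI_ALLOWED"
    return "RESTRICTED"


def audit_project_keys(key_records):
    """Return [(displayName, classification)] for a list of key records."""
    return [(r.get("displayName", "<unnamed>"), audit_key_restrictions(r)) for r in key_records]


# Constructed sample repository contents (the key strings are fake and follow
# the assumed format only so the regex has something to match).
SAMPLE_FILES = {
    "app/src/main/res/values/strings.xml":
        '<string name="maps_key">AIzaSyEXAMPLE_NOT_A_REAL_KEY_0123456789</string>\n',
    "web/config.js":
        "// TODO: move this call to the backend\n"
        "const GEMINI_KEY = 'AIzaCONSTRUCTED_SAMPLE_KEY_TWO_ABCDEFGH';\n",
    "README.md":
        "Set GOOGLE_API_KEY in your environment; never commit it.\n"
        "Keys start with AIza but this is not one: AIzaShort\n",
}

# Constructed sample key records in the assumed gcloud JSON shape.
SAMPLE_KEY_RECORDS = [
    {"displayName": "maps-browser-key", "restrictions": {}},
    {"displayName": "gemini-studio-key",
     "restrictions": {"apiTargets": [{"service": GEMINI_SERVICE}]}},
    {"displayName": "maps-only-key",
     "restrictions": {"apiTargets": [{"service": "maps-backend.googleapis.com"}]}},
]

if __name__ == "__main__":
    for path, lineno, key in scan_files(SAMPLE_FILES):
        print(f"possible API key in {path}:{lineno}: {key}")
    for name, verdict in audit_project_keys(SAMPLE_KEY_RECORDS):
        print(f"{name}: {verdict}")
```

Any key flagged UNRESTRICTED or GEMINI_ALLOWED that also shows up in a scan finding is a rotation candidate; after rotating, keep the replacement server-side and compare the project's Generative Language usage and billing against the expected baseline.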