March 5, 2026

A small development company in Mexico says a compromised Google Cloud API key triggered more than $82,000 in unauthorized usage of Google’s Gemini AI services in roughly two days, about 455 times its normal monthly spend.
The developers say their API key was compromised between Feb. 11 and Feb. 12 and used to access Gemini 3 Pro Image and Gemini 3 Pro Text services at scale. Their typical monthly AI spending was about $180, but the spike generated a bill of approximately $82,314.44. The team says it has attempted to negotiate relief with Google but has not received a payment adjustment so far.
According to a representative from Google’s headquarters in Mountain View, customers using generative AI services are responsible for securing their own credentials under the platform’s Shared Responsibility Model. Under that framework, cloud providers operate the infrastructure, while users are expected to protect authentication keys and implement safeguards against misuse.
The developers say they were unaware of any obvious operational error and discovered the problem only after the surge in usage. In response they deleted the exposed keys, disabled Gemini API access, enabled two-factor authentication across their accounts and opened a support request with Google.
One of the developers described the billing spike on Reddit and argued that cloud providers should introduce stronger protections against extreme usage anomalies. “A jump from $180/month to $82k in 48 hours is not ‘normal variability.’ It is obvious abuse,” the developer wrote.
The team has been seeking advice from the developer community while trying to determine how the key was exposed. Some online discussions have suggested the credential may have been uploaded to a public repository, though the developers dispute claims that the key was knowingly exposed.
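Whether or not that is how this particular key leaked, a committed credential is the most common way an API key ends up in someone else's hands, and it is cheap to check for. The scanner below is an added example, not code from the developers or from Google. It assumes the widely documented shape of a Google API key (the literal prefix AIza followed by 35 characters from A-Za-z0-9_-, 39 characters in all) and runs over a small set of constructed files; the key values in the sample are made up and are not real keys.

```python
import re
from dataclasses import dataclass

# Shape of a Google API key: prefix "AIza" plus 35 characters from [A-Za-z0-9_-],
# 39 characters total. Treating that length as fixed is an assumption about the
# format; it is not something the article states.
GOOGLE_API_KEY_RE = re.compile(
    r"(?<![A-Za-z0-9_-])AIza[A-Za-z0-9_-]{35}(?![A-Za-z0-9_-])"
)

# Constructed sample repository: two accidental leaks (a hard-coded setting and a
# pasted curl command) and two harmless references via environment variables.
SAMPLE_FILES = {
    "config/settings.py": [
        'GEMINI_API_KEY = "AIzaSyA0b1c2d3e4f5g6h7i8j9k0l1m2n3o4p5q"',  # constructed, not a real key
        "MODEL = \"gemini-3-pro\"",
    ],
    "notes.txt": [
        "curl 'https://generativelanguage.googleapis.com/v1beta/models"
        "?key=AIzaSyA0b1c2d3e4f5g6h7i8j9k0l1m2n3o4p5q'",  # constructed, not a real key
    ],
    "src/client.js": ["const key = process.env.GEMINI_API_KEY;"],
    ".env.example": ["GEMINI_API_KEY=${GEMINI_API_KEY}"],
}


@dataclass
class Finding:
    path: str
    line_no: int
    redacted: str


def redact(secret: str) -> str:
    """Keep enough of the value to recognise it in a report without re-leaking it."""
    return secret[:6] + "..." + secret[-4:]


def scan_lines(path: str, lines: list[str]) -> list[Finding]:
    """Return one Finding per Google-API-key-shaped token in the given lines."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        for match in GOOGLE_API_KEY_RE.finditer(line):
            findings.append(Finding(path, line_no, redact(match.group(0))))
    return findings


def scan_files(files: dict[str, list[str]]) -> list[Finding]:
    """Scan a mapping of path -> lines (e.g. the staged files in a pre-commit hook)."""
    findings = []
    for path, lines in files.items():
        findings.extend(scan_lines(path, lines))
    return findings


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line_no}: possible Google API key {f.redacted}")
```

The negative lookarounds stop the pattern firing on a longer token that merely contains the prefix, and the redaction means the hook's own output can be pasted into a ticket. Wired into a pre-commit hook over staged files, a check like this blocks the commit before the key ever reaches a remote; any key that does get committed should be treated as exposed and rotated regardless of how quickly the commit is reverted.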
The incident also illustrates an operational risk for startups building on usage-based AI services. Generative AI APIs scale quickly and so do the associated costs, which makes credential hygiene and spend monitoring critical controls for development teams with limited financial buffers. Two points matter for anyone in that position: an API key is a bearer credential, so account-level two-factor authentication does not limit what a leaked key can do, and Google Cloud billing budgets send notifications by default rather than stopping usage, so a budget alert on its own does not cap exposure.
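A detector for the kind of jump described in the article does not need to be elaborate. The code below is an added example, not anything the developers or Google run. It takes per-SKU usage records of the shape (date, sku, usd), rolls them up by day and flags any day whose spend exceeds a multiple of the median daily spend over the preceding 30 days. The records are constructed to match the figures in the article (about $180 over the prior month, then roughly $82,314 across Feb. 11 and 12); the split between the two days and between the two SKUs is invented, since the article gives only the total, and the SKU labels, thresholds and window length are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from statistics import median

# Constructed usage records: (day, sku, usd). Thirty quiet days of $5-$7, then the
# two-day spike. The per-day and per-SKU split of the spike is invented; only the
# $82,314.44 total and the ~$180/month baseline come from the article.
_START = date(2026, 1, 12)
SAMPLE_RECORDS = [
    (_START + timedelta(days=i), "gemini-text", 5.0 + (i % 3)) for i in range(30)
] + [
    (date(2026, 2, 11), "gemini-image", 18000.0),
    (date(2026, 2, 11), "gemini-text", 12000.0),
    (date(2026, 2, 12), "gemini-image", 40000.0),
    (date(2026, 2, 12), "gemini-text", 12314.44),
]


@dataclass
class Alert:
    day: date
    spend: float
    baseline: float  # median daily spend over the trailing window
    ratio: float     # spend / baseline (inf when there is no baseline yet)


def daily_spend(records) -> dict[date, float]:
    """Sum usage across SKUs into one total per calendar day."""
    totals: dict[date, float] = {}
    for day, _sku, usd in records:
        totals[day] = totals.get(day, 0.0) + usd
    return totals


def detect_spikes(totals: dict[date, float], window_days: int = 30,
                  multiplier: float = 5.0, floor_usd: float = 50.0) -> list[Alert]:
    """Flag days whose spend exceeds max(floor_usd, multiplier * trailing median).

    The median rather than the mean is used for the baseline so that the first
    spike day does not inflate the baseline and hide the second one. Days with no
    records count as $0. The floor keeps tiny accounts from alerting on noise.
    """
    alerts = []
    for day in sorted(totals):
        prior = [totals.get(day - timedelta(days=k), 0.0)
                 for k in range(1, window_days + 1)]
        baseline = median(prior)
        threshold = max(floor_usd, multiplier * baseline)
        if totals[day] > threshold:
            ratio = totals[day] / baseline if baseline else float("inf")
            alerts.append(Alert(day, totals[day], baseline, ratio))
    return alerts


if __name__ == "__main__":
    for a in detect_spikes(daily_spend(SAMPLE_RECORDS)):
        print(f"{a.day}: ${a.spend:,.2f} vs baseline ${a.baseline:.2f}/day "
              f"({a.ratio:,.0f}x)")
```

In a real deployment the alert handler is the important part: the check should trigger an action that actually stops spend, such as disabling or rotating the key, rather than only sending an e-mail, because the notification alone leaves the key usable until someone reads it. Run on the constructed data, both spike days fire and the second is still measured against a $6/day baseline despite the first day's $30,000 sitting inside the window.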
