March 2, 2026

Thousands of exposed Google Cloud API keys can authenticate to Gemini endpoints when the Generative Language API is enabled, allowing attackers to access files and run up AI charges, according to research from Truffle Security. The issue expands the risk profile of keys originally used as billing identifiers and has prompted Google to implement blocking measures for leaked credentials.
Truffle Security said it identified 2,863 live Google API keys – typically prefixed with “AIza” – embedded in public client-side code. Security researcher Joe Leon said that when the Gemini API is enabled on a Google Cloud project, existing API keys in that project can automatically gain access to Gemini endpoints without additional warning.
“With a valid key, an attacker can access uploaded files, cached data, and charge LLM-usage to your account,” Leon said. He further revealed that the keys “now also authenticate to Gemini even though they were never intended for it.”
The exposure stems from how Google Cloud handles API enablement. When users activate the Generative Language API, previously issued keys within the same project can access Gemini’s /files and /cachedContents endpoints and initiate model calls. Truffle found that new API keys default to “Unrestricted,” making them applicable to all enabled APIs in a project unless explicitly limited.
“The result: thousands of API keys that were deployed as benign billing tokens are now live Gemini credentials sitting on the public internet,” Leon said.
The findings follow a separate report by Quokka, which identified more than 35,000 unique Google API keys embedded across 250,000 Android apps. The mobile security firm warned that AI-enabled endpoints could increase the impact of compromised keys, citing risks beyond cost abuse, including broader access to connected cloud resources.
Google said it has addressed the issue. Speaking to The Hacker News, a spokesperson for the company said, “We are aware of this report and have worked with the researchers to address the issue. Protecting our users’ data and infrastructure is our top priority. We have already implemented proactive measures to detect and block leaked API keys that attempt to access the Gemini API.”
It is not known whether the behaviour was exploited at scale. In a recent Reddit post, a user alleged that a stolen Google Cloud API key led to US$82,314.44 in charges over two days, compared with a usual monthly spend of US$180.
Security experts advise organizations to review enabled APIs within Google Cloud projects, restrict or rotate exposed keys – starting with older credentials – and limit API key permissions to required services only.
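As an added illustration of that review step (example code written for this article, not tooling from Truffle Security, Quokka or Google), the script below audits a project's key inventory the way a defender would: it takes the JSON that `gcloud services api-keys list --format=json` emits (the sample here is constructed and assumed to mirror the API Keys v2 `Key` resource, with `createTime` and `restrictions.apiTargets`), and, when the Generative Language API is among the project's enabled services, reports every key that can reach Gemini because it is unrestricted or explicitly lists that service, oldest first so rotation starts with the older credentials the article singles out.

```python
import json
from datetime import datetime

# Constructed sample in the shape of `gcloud services api-keys list --format=json`
# (API Keys v2 Key resource). Project, key names and dates are made up.
SAMPLE_KEYS_JSON = """
[
  {"name": "projects/demo-app/locations/global/keys/maps-web-2021",
   "displayName": "Maps browser key", "createTime": "2021-04-12T09:30:00Z",
   "restrictions": {"browserKeyRestrictions": {"allowedReferrers": ["https://example.test/*"]}}},
  {"name": "projects/demo-app/locations/global/keys/maps-web-2023",
   "displayName": "Maps key, API-restricted", "createTime": "2023-01-05T12:00:00Z",
   "restrictions": {"apiTargets": [{"service": "maps-backend.googleapis.com"}]}},
  {"name": "projects/demo-app/locations/global/keys/chat-2025",
   "displayName": "Gemini backend key", "createTime": "2025-08-20T08:00:00Z",
   "restrictions": {"apiTargets": [{"service": "generativelanguage.googleapis.com"}]}}
]
"""

GEMINI_SERVICE = "generativelanguage.googleapis.com"


def keys_reaching_gemini(keys_json, enabled_services):
    """Return the keys that can authenticate to Gemini, oldest first.

    A key reaches Gemini when the Generative Language API is enabled in the
    project and the key either carries no API-target restriction at all
    ("Unrestricted", the default) or explicitly lists that service. Referrer
    or IP restrictions alone do not keep a key away from the API.
    """
    if GEMINI_SERVICE not in enabled_services:
        return []  # API not enabled: no key in this project can call Gemini
    findings = []
    for key in json.loads(keys_json):
        targets = [t["service"] for t in key.get("restrictions", {}).get("apiTargets", [])]
        if not targets:
            reason = "unrestricted (no API target)"
        elif GEMINI_SERVICE in targets:
            reason = "explicitly allows Gemini"
        else:
            continue  # restricted to other services only, not exposed to Gemini
        findings.append({"name": key["name"], "createTime": key["createTime"], "reason": reason})
    # Oldest first: the credentials the article recommends rotating first.
    findings.sort(key=lambda f: datetime.fromisoformat(f["createTime"].replace("Z", "+00:00")))
    return findings


if __name__ == "__main__":
    for f in keys_reaching_gemini(SAMPLE_KEYS_JSON, {GEMINI_SERVICE, "maps-backend.googleapis.com"}):
        print(f"{f['createTime']}  {f['name']}  {f['reason']}")
```

In a real project the enabled-services set comes from `gcloud services list --enabled`, and a flagged key is narrowed with `gcloud services api-keys update KEY --api-target=service=<needed-service>` or rotated.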
