Hidden API Key Flaw Risks Data Exposure in Gemini AI
A recent security discovery has revealed a silent vulnerability in how Google Cloud API keys are used on websites. These keys, which are typically meant for billing and tracking API usage, can be scraped from public sites and used to access sensitive data related to Gemini AI projects. Researchers from Truffle Security found thousands of exposed keys that could potentially give attackers access to private datasets and documents, and let them run up large bills.
How Google Cloud API Keys Became a Security Issue
Google Cloud API keys have long been used as simple identifiers that link API usage to a billing account. Developers generate these keys and often embed them directly into website code, making them visible to anyone viewing the source. Historically, these keys, identified by the prefix ‘AIza’, were just for billing purposes and did not grant access to data or services beyond that scope.
However, with the launch of Gemini AI, Google’s new Generative Language API, the role of these keys has shifted. They now also serve as authentication credentials for sites embedding Gemini AI features like chatbots or interactive tools. This change was made without any clear warning or update to developers, leaving many unaware of the new risks involved.
The Risks of Exposed API Keys
When developers add Gemini AI to a website alongside other Google services like Maps, the same public API key can now be used to access sensitive project data. Attackers can scrape these keys from site source code and reuse them to retrieve stored documents, cached content, or even manipulate the AI assistant. Because the keys are public, extracting data can be as simple as viewing the webpage source.
Moreover, the exposed keys can be exploited to run up large bills. Attackers can make API calls using the key, consuming tokens and resources, which could cost the original owners thousands of dollars. In one case, a student accidentally exposed a Google Cloud API key on GitHub and was later billed over $55,000 before Google waived the charges. This shows how dangerous exposed keys can be in real-world scenarios.
Google’s Response and Ongoing Fixes
Truffle Security notified Google about the exposed keys in November, revealing thousands of potentially vulnerable API keys, including those belonging to major financial firms, security companies, and even Google itself. Google confirmed the issue was a bug and took steps to restrict the affected keys from accessing Gemini AI services. However, the company has not yet rolled out a comprehensive fix, and the problem remains unresolved for many users.
After the security report, Google dismissed some concerns as “Intended Behavior,” but the security firm provided concrete evidence showing the problem was real. As of February, Google was still working on a more permanent solution, with the 90-day disclosure window closing. Until then, website owners and developers should be cautious about how they handle API keys and consider more secure methods for integrating Google services.
This incident highlights the importance of keeping API keys private and being aware of how changes in service architecture can impact security. Until Google releases a full fix, developers should review their site source code and consider regenerating or restricting their API keys to prevent misuse. Awareness is key to avoiding costly data breaches and unexpected bills from exposed API credentials.
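As an added self-audit example (not code from the article or from Truffle Security), the following Python scanner finds Google Cloud API keys embedded in a page's own source and notes which googleapis.com service each one is sent to, so a site owner can see which keys need API restrictions or regeneration. It assumes keys are 39 characters beginning with AIza, treats a key bound to a JavaScript identifier as used wherever that identifier appears, and runs over a constructed sample page rather than a live site.

```python
import re
from typing import Dict

# Assumption: a Google Cloud API key is 39 characters, the "AIza" prefix plus 35 URL-safe characters.
API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_\-]{35}")
# A JS binding such as  const KEY = "AIza...";  so usage via the identifier can be attributed to the key.
BIND_RE = re.compile(r"\b([A-Za-z_]\w*)\s*=\s*['\"](AIza[0-9A-Za-z_\-]{35})['\"]")
# Any googleapis.com host on a line tells us which service that line sends the key to.
HOST_RE = re.compile(r"[a-z0-9\-]+\.googleapis\.com")
GEMINI_HOST = "generativelanguage.googleapis.com"

# Constructed keys of the right shape (not real credentials) inside a constructed page.
KEY_MAPS = "AIzaSy" + "M" * 33
KEY_GEMINI = "AIzaSy" + "G" * 33
SAMPLE_HTML = f"""\
<script src="https://maps.googleapis.com/maps/api/js?key={KEY_MAPS}"></script>
<script>
  const GEMINI_KEY = "{KEY_GEMINI}";
  fetch("https://{GEMINI_HOST}/v1beta/models/gemini-pro:generateContent?key=" + GEMINI_KEY);
</script>
"""


def audit_source(text: str) -> Dict[str, Dict[str, list]]:
    """Map every key found in the source to the lines it appears on and the hosts it is sent to."""
    lines = text.splitlines()
    findings: Dict[str, Dict[str, list]] = {}
    aliases: Dict[str, str] = {}  # JS identifier -> key it holds
    for lineno, line in enumerate(lines, start=1):
        for key in API_KEY_RE.findall(line):
            findings.setdefault(key, {"lines": [], "hosts": []})["lines"].append(lineno)
        for name, key in BIND_RE.findall(line):
            aliases[name] = key
    for line in lines:
        hosts = HOST_RE.findall(line)
        if not hosts:
            continue
        for key, entry in findings.items():
            names = [n for n, k in aliases.items() if k == key]
            used = key in line or any(re.search(rf"\b{re.escape(n)}\b", line) for n in names)
            if used:
                entry["hosts"].extend(h for h in hosts if h not in entry["hosts"])
    return findings


def risk(entry: Dict[str, list]) -> str:
    """'high' when public code already sends the key to Gemini; otherwise 'medium', because an
    unrestricted key can still reach Gemini if that API is enabled on the same project."""
    return "high" if GEMINI_HOST in entry["hosts"] else "medium"


if __name__ == "__main__":
    for key, entry in audit_source(SAMPLE_HTML).items():
        print(f"{key[:8]}... lines={entry['lines']} hosts={entry['hosts']} risk={risk(entry)}")
```

Either rating means the key should get API restrictions (and referrer restrictions) in the Cloud console, or be regenerated if it may already have been scraped.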
Inspired by
- https://www.infoworld.com/article/4138782/silent-google-api-key-change-exposed-gemini-ai-data-2.html