A Critical Overlap: When Billing Keys Unlock AI Secrets
A recent investigation has unearthed a significant security vulnerability within Google Cloud, revealing that thousands of publicly exposed API keys, originally intended solely for billing and project identification, are now inadvertently granting access to sensitive Gemini AI endpoints. This critical oversight could allow malicious actors to access private data, incur substantial charges, and exploit AI capabilities without authorization.
The Alarming Discovery by Truffle Security
The findings, brought to light by cybersecurity firm Truffle Security, detail the discovery of nearly 3,000 Google API keys (identifiable by the ‘AIza’ prefix) openly embedded within client-side code. These keys typically facilitate benign Google-related services, such as displaying embedded maps on websites. However, a crucial change in functionality has transformed them into potential attack vectors.
How the Vulnerability Emerged
The core of the problem lies in the enablement of the Gemini API (also known as the Generative Language API) within a Google Cloud project. When this API is activated, existing API keys within that project – including those publicly accessible via website JavaScript – surreptitiously gain authentication privileges to Gemini endpoints. This occurs without any explicit warning or notification to the user.
Security researcher Joe Leon of Truffle Security highlighted the gravity of the situation: “With a valid key, an attacker can access uploaded files, cached data, and charge LLM-usage to your account.” He further emphasized that these keys “now also authenticate to Gemini even though they were never intended for it.”
The Far-Reaching Implications: Data Theft and Financial Ruin
This unintended access presents a multi-faceted threat. Attackers can scrape websites for these exposed API keys and leverage them for nefarious purposes, including:
- Accessing Sensitive Data: Exploiting endpoints like /files and /cachedContents to retrieve private user files and cached information.
- Quota Theft and Massive Bills: Making extensive Gemini API calls, leading to exorbitant charges for the legitimate account holders.
Adding to the concern, Truffle Security also noted that new API keys created in Google Cloud default to an “Unrestricted” status. This means they are automatically applicable to every enabled API in the project, including Gemini. Leon starkly summarized the outcome: “The result: thousands of API keys that were deployed as benign billing tokens are now live Gemini credentials sitting on the public internet.”
The firm confirmed finding 2,863 live keys publicly accessible, even on a website associated with Google itself. This revelation echoes a similar report from Quokka, which identified over 35,000 unique Google API keys embedded across 250,000 Android applications, underscoring the widespread nature of the issue.
Quokka’s report further warned, “Beyond potential cost abuse through automated LLM requests, organizations must also consider how AI-enabled endpoints might interact with prompts, generated content, or connected cloud services in ways that expand the blast radius of a compromised key.” The mobile security company stressed that even without direct customer data access, the combination of inference access, quota consumption, and potential integration with broader Google Cloud resources creates a “materially different” risk profile than the original billing-identifier model.
Google’s Response and Mitigation Efforts
Initially, the behavior was reportedly considered intentional. However, Google has since acknowledged the problem and is actively working to address it. A Google spokesperson informed The Hacker News, “We are aware of this report and have worked with the researchers to address the issue. Protecting our users’ data and infrastructure is our top priority. We have already implemented proactive measures to detect and block leaked API keys that attempt to access the Gemini API.”
A Real-World Cost and User Guidance
While it remains unclear if this vulnerability has been widely exploited in the wild, a recent Reddit post paints a stark picture of potential financial damage. A user claimed a “stolen” Google Cloud API Key led to an astounding $82,314.44 in charges over just two days (February 11-12, 2026), a dramatic surge from their usual monthly spend of $180.
Google Cloud users are strongly advised to take immediate action:
- Review APIs and Services: Thoroughly check your Google Cloud projects to verify if any Artificial Intelligence (AI)-related APIs are enabled.
- Rotate Exposed Keys: If AI APIs are enabled and associated keys are publicly accessible (e.g., in client-side JavaScript or public repositories), rotate them immediately. Truffle Security recommends prioritizing “your oldest keys first,” as these are most likely to have been deployed under older guidelines that deemed API keys safe to share, only to retroactively gain Gemini privileges.
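A triage sketch for the two steps above and for the "Unrestricted" default described earlier, added here as an example (it is not code from Truffle Security or Google). It assumes key records shaped like the JSON from `gcloud services api-keys list --format=json` and a set of enabled service names; the sample data is constructed and the function name is hypothetical.

```python
import json
from datetime import datetime

GEMINI_SERVICE = "generativelanguage.googleapis.com"  # Generative Language API

# Constructed sample, shaped like `gcloud services api-keys list --format=json`.
SAMPLE_KEYS = json.loads("""[
  {"uid": "key-d", "displayName": "Gemini backend", "createTime": "2025-01-15T08:00:00Z",
   "restrictions": {"apiTargets": [{"service": "generativelanguage.googleapis.com"}]}},
  {"uid": "key-b", "displayName": "Site widget", "createTime": "2021-05-02T12:30:00Z",
   "restrictions": {"browserKeyRestrictions": {"allowedReferrers": ["www.example.com/*"]}}},
  {"uid": "key-c", "displayName": "Maps only", "createTime": "2023-06-01T09:30:00Z",
   "restrictions": {"apiTargets": [{"service": "maps-backend.googleapis.com"}]}},
  {"uid": "key-a", "displayName": "Legacy maps embed", "createTime": "2019-03-04T10:00:00Z"}
]""")
# Constructed set of enabled service names for the same project.
SAMPLE_ENABLED = {"maps-backend.googleapis.com", GEMINI_SERVICE}


def gemini_capable_keys(keys, enabled_services):
    """Return keys that can authenticate to Gemini, oldest first."""
    if GEMINI_SERVICE not in enabled_services:
        return []  # API not enabled: no key in this project reaches Gemini
    findings = []
    for key in keys:
        targets = (key.get("restrictions") or {}).get("apiTargets") or []
        allowed = {t.get("service") for t in targets}
        if not allowed:
            # Referrer/IP/app restrictions alone do not limit which APIs a key can call.
            reason = "no API restriction: valid for every enabled API"
        elif GEMINI_SERVICE in allowed:
            reason = "API restriction explicitly includes Gemini"
        else:
            continue  # restricted to other APIs only
        created = datetime.fromisoformat(key["createTime"].replace("Z", "+00:00"))
        findings.append({"uid": key["uid"], "created": created, "reason": reason})
    return sorted(findings, key=lambda f: f["created"])


if __name__ == "__main__":
    for f in gemini_capable_keys(SAMPLE_KEYS, SAMPLE_ENABLED):
        print(f["created"].date(), f["uid"], "-", f["reason"])
```

The oldest-first ordering mirrors the rotation priority recommended above; whether a flagged key is actually exposed in client-side code or a public repository still has to be checked separately.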
The Dynamic Nature of API Risk
Tim Erlin, a security strategist at Wallarm, emphasized the evolving landscape of API security. “This is a great example of how risk is dynamic, and how APIs can be over-permissioned after the fact,” he stated. Erlin advocates for continuous security testing, vulnerability scanning, and ongoing assessments.
“APIs are tricky in particular because changes in their operations or the data they can access aren’t necessarily vulnerabilities, but they can directly increase risk,” Erlin added. “The adoption of AI running on these APIs, and using them, only accelerates the problem. Finding vulnerabilities isn’t really enough for APIs. Organizations have to profile behavior and data access, identifying anomalies and actively blocking malicious activity.”