Thousands of Public Google Cloud API Keys Gain Unexpected Gemini Access After API Enablement

Truffle Security discovered that nearly 3,000 publicly exposed Google Cloud API keys — embedded in client-side JavaScript for services like Google Maps — silently gain access to Gemini AI endpoints when the Generative Language API is enabled on the same project, without any warning to the project owner. Security researcher Joe Leon confirmed attackers with these exposed keys can access uploaded files, cached Gemini data, and charge LLM API usage to the victim's billing account. The issue underscores a structural risk in Google Cloud's API key inheritance model, where enabling a new product expands the scope of all existing keys in the project without explicit consent or notification.

Key Takeaways

  • Truffle Security found ~3,000 Google Cloud API keys (prefix 'AIza') embedded in client-side code that silently authenticate to Gemini endpoints once the Generative Language API is enabled on the project — no warning issued to owners
  • Attackers with exposed keys can access uploaded files, Gemini-cached data, and charge LLM inference costs to the victim's account — all without visible indication the key was ever used for AI
  • Mitigation: audit all Google Cloud projects for client-side-exposed API keys before enabling the Generative Language/Gemini API; apply API key restrictions (allowed referrers, allowed API list) and rotate any keys previously embedded in public code
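The mitigation bullet above boils down to two checks: which 'AIza' keys are sitting in shipped JavaScript, and whether each of those keys carries an explicit API target list (without one, a key inherits every API enabled on the project later, which is the mechanism behind the Gemini exposure). The following audit helper is an added example written for this page; it is not Truffle Security's tooling or Google's code. The sample bundle and key inventory are constructed, the inventory is only modelled on the shape of the API Keys API v2 `Key` resource (`restrictions.apiTargets`, `restrictions.browserKeyRestrictions.allowedReferrers`), and the Maps service name used in it is illustrative; in practice you would feed it the key list exported from your own project.

```python
"""
Audit helper: scan client-side JavaScript for Google Cloud API keys
(prefix 'AIza') and flag keys whose restriction config would let a newly
enabled API, such as the Generative Language API, be reached with them.
Added example, not code from Truffle Security or Google. All keys and
inventory entries below are constructed.
"""
import re

# A Google Cloud API key is 'AIza' followed by 35 URL-safe characters.
API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_-]{35}")

# Service name of the Generative Language (Gemini) API.
GEMINI_SERVICE = "generativelanguage.googleapis.com"

# Constructed sample bundle; every key string here is made up.
SAMPLE_JS = """
var map = new google.maps.Map(el, {key: "AIzaSyAEXAMPLE0123456789abcdefghijklmno"});
fetch("https://maps.googleapis.com/maps/api/js?key=AIzaSyBEXAMPLE0123456789abcdefghijklmno");
// duplicate reference to the first key, plus a near-miss that is not a key
var again = "AIzaSyAEXAMPLE0123456789abcdefghijklmno", bogus = "AIzaShort";
var legacy = "AIzaSyCEXAMPLE0123456789abcdefghijklmno";
"""

# Constructed inventory keyed by key string. Shape is an assumption modelled
# on the API Keys API v2 Key resource; export the real one from your project.
KEY_INVENTORY = {
    "AIzaSyAEXAMPLE0123456789abcdefghijklmno": {
        "displayName": "maps-web",
        "restrictions": {},  # no API targets, no referrers: worst case
    },
    "AIzaSyBEXAMPLE0123456789abcdefghijklmno": {
        "displayName": "maps-web-restricted",
        "restrictions": {
            # illustrative Maps service name
            "apiTargets": [{"service": "maps-backend.googleapis.com"}],
            "browserKeyRestrictions": {
                "allowedReferrers": ["https://www.example.com/*"]
            },
        },
    },
}


def find_exposed_keys(js_text):
    """Return the distinct API keys found in js_text, in first-seen order."""
    seen, keys = set(), []
    for m in API_KEY_RE.finditer(js_text):
        if m.group(0) not in seen:
            seen.add(m.group(0))
            keys.append(m.group(0))
    return keys


def assess_key(key, inventory):
    """Describe what an exposed key can reach, given its restriction config."""
    entry = inventory.get(key)
    if entry is None:
        return {"key": key, "known": False, "gemini_reachable": None,
                "findings": ["not in inventory: rotate or delete if still valid"]}
    restr = entry.get("restrictions", {})
    targets = {t.get("service") for t in restr.get("apiTargets", [])}
    referrers = restr.get("browserKeyRestrictions", {}).get("allowedReferrers", [])
    findings = []
    # With no apiTargets, every API enabled on the project is reachable,
    # including APIs enabled after the key was minted (the inheritance issue).
    gemini_reachable = not targets or GEMINI_SERVICE in targets
    if not targets:
        findings.append("no API target restriction: inherits every API enabled later")
    elif GEMINI_SERVICE in targets:
        findings.append("explicitly allows the Generative Language API")
    if not referrers:
        findings.append("no referrer restriction: usable from any origin")
    return {"key": key, "known": True, "gemini_reachable": gemini_reachable,
            "findings": findings}


def audit(js_text, inventory=KEY_INVENTORY):
    """Scan js_text and assess every key found against the inventory."""
    return [assess_key(k, inventory) for k in find_exposed_keys(js_text)]


if __name__ == "__main__":
    for r in audit(SAMPLE_JS):
        print(r["key"][:12] + "...", r["gemini_reachable"], "; ".join(r["findings"]))
```

Run it before enabling the Generative Language API on a project: any key reported with `gemini_reachable` True (or unknown) is one that would gain Gemini access the moment the API is turned on, so it needs an explicit API target list and referrer restriction, or rotation if it has already shipped in public code.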

Original source: The Hacker News / Truffle Security