Security News

Cybersecurity news aggregator

HIGH | Vulnerabilities | The Register Security

Dev stunned by $82K Gemini bill after unknown API key thief goes to town

The threat involves the exposure and theft of Google Cloud API keys, which start with the string "AIza" and are therefore easy to discover in public web assets. A key minted as a public project identifier (for Maps or Firebase, say) also authenticates to the Gemini API once that API is enabled on the same project, so a leaked key lets attackers make unauthorized API calls, read uploaded files and cached content, and run up substantial charges on the victim's account; one incident cost a three-person startup more than $82,000 in 48 hours. Google says it has implemented measures to detect and block leaked keys that attempt to access Gemini, but the practical defence is to treat every API key as a secret, scan code, CI/CD pipelines and web assets for leaked keys, rotate any exposed key immediately, and monitor billing closely.

Probably not an isolated incident, as researchers have already found 2,863 live API keys exposed

Jessica Lyons, Tue 3 Mar 2026 // 23:19 UTC

A developer says their company is on the hook for more than $82,000 in unauthorized charges after a stolen Google Gemini API key racked up massive usage costs in just 48 hours.

"I am in a state of shock and panic right now," the dev wrote on Reddit, and went on to detail how his startup's Google Cloud API key was somehow compromised between February 11 and February 12. During that time, unknown miscreants used the key to spend $82,314.44, primarily on Gemini 3 Pro Image and Gemini 3 Pro Text.

This is quite a cost jump, considering the three-developer, Mexico-based company usually spends $180 a month: an increase of roughly 46,000 percent.

After deleting the compromised key, disabling the Gemini APIs, rotating credentials, and taking other security precautions, the developer says he opened a support case with Google and got nowhere. A Google representative allegedly cited the company's shared responsibility model (Google secures its platform and users must secure their own tools) and said the Chocolate Factory had to charge the developer for the unauthorized API costs.

This, the dev wrote, "really worries me. If Google attempts to enforce even a third of this amount, our company goes bankrupt. We are barely surviving and hoping one of our products work."

It looks like he may not be alone in his worries, or in experiencing API key compromise.

Thousands more where that came from

Truffle Security researchers scanned millions of websites and found 2,863 live Google API keys, originally used as project identifiers for billing purposes, that now also authenticate to Gemini, thus giving attackers access to sensitive data and allowing them to rack up unauthorized charges on someone else's account.
"With a valid key, an attacker can access uploaded files, cached data, and charge LLM-usage to your account," Truffle researcher Joe Leon said in a February 25 blog post.

The Register contacted the Reddit poster, and we'll share more about their story if we hear back. Google declined to answer our questions about whether it will force the developer to pay the bill or eat the costs itself. But in response to the Truffle blog, a Google spokesperson said the company is aware of this report and "worked with the researchers to address the issue."

"Protecting our users' data and infrastructure is our top priority," the spokesperson added. "We have already implemented proactive measures to detect and block leaked API keys that attempt to access the Gemini API."

The flaw stems from the format of Google Cloud's API keys, which start with the string AIza and are therefore easy to find. The prefix makes leaked keys easy to scrape at scale; the underlying problem is that a key issued for one service authenticates to every API later enabled on the same project. Google's documentation for its Maps and Firebase services specifies that API keys are not secrets, but rather are used to identify a developer's app's Firebase project to Firebase services. In the case of Maps, Google instructs developers to paste their key directly into HTML. This is because API keys weren't intended to be used as authentication credentials, until Gemini entered the picture.

As Leon explained:

You created a Maps key three years ago and embedded it in your website's source code, exactly as Google instructed. Last month, a developer on your team enabled the Gemini API for an internal prototype. Your public Maps key is now a Gemini credential. Anyone who scrapes it can access your uploaded files, cached content, and rack up your AI bill. Nobody told you.

The Truffle researchers presented all of this to Google, including an example from a Google product's public-facing website with a key deployed as a public project identifier back in 2023. It now allows Gemini API access. This last part made Google take notice.
After Google's Vulnerability Disclosure Project team initially dismissed the report in November 2025, determining it was simply "intended behavior," Truffle pushed back, and on December 1 provided examples from Google's own infrastructure. Google then reclassified the report from "Customer Issue" to "Bug," upgraded the severity, and started working on a fix, requesting a list of the 2,863 exposed keys.

As of February 2, Google told Truffle that it was still working on the root-cause fix. Leon notes that his team has not yet seen "a concrete outcome."

In the meantime, anyone who uses Google Cloud and its services can use Truffle Security's open source secrets scanning tool TruffleHog to scan code, CI/CD pipelines, and web assets for leaked Google API keys. A scanner hit shows only that a key is exposed; whether that key is also a Gemini credential depends on which APIs the owning project has enabled, and that can change long after the key was published.

"The pattern we uncovered here (public identifiers quietly gaining sensitive privileges) isn't unique to Google," Leon wrote. "As more organizations bolt AI capabilities onto existing platforms, the attack surface for legacy credentials expands in ways nobody anticipated."
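The scanning step the article points to, as an added example that is not code from the article, Truffle Security or TruffleHog: a small Python scanner for the AIza key shape run over constructed sample inputs, plus a probe against Gemini's list-models endpoint that reports whether a scraped key is accepted. The key regex, the two fabricated keys, the sample file contents and the interpretation of the probe's HTTP status codes are assumptions of this example; the probe makes a network call and should only ever be pointed at keys you own.

```python
"""Find Google Cloud API keys (the "AIza..." format) in code and web assets."""
import re
import urllib.error
import urllib.request
from typing import NamedTuple

# Google Cloud API keys are the literal prefix "AIza" followed by 35 characters
# from [A-Za-z0-9_-], 39 characters in total. The look-arounds stop the pattern
# from matching inside a longer token (e.g. a base64 blob containing "AIza").
GOOGLE_API_KEY_RE = re.compile(r"(?<![A-Za-z0-9_-])AIza[0-9A-Za-z_-]{35}(?![A-Za-z0-9_-])")

# Gemini's list-models endpoint accepts the key as a query parameter, which makes
# it a cheap, read-only probe of whether the Gemini API accepts a given key.
GEMINI_MODELS_URL = "https://generativelanguage.googleapis.com/v1beta/models"


class Finding(NamedTuple):
    source: str   # file name or URL the key was found in
    line_no: int  # 1-based line number within that source
    key: str      # the full key; redact() it before logging


def scan_text(source: str, text: str) -> list[Finding]:
    """Return every AIza-format key in `text`, with the line it appears on."""
    return [
        Finding(source, line_no, m.group(0))
        for line_no, line in enumerate(text.splitlines(), start=1)
        for m in GOOGLE_API_KEY_RE.finditer(line)
    ]


def scan_sources(sources: dict[str, str]) -> list[Finding]:
    """Scan a mapping of source name -> content (fetched HTML, JS bundles, configs)."""
    findings: list[Finding] = []
    for source, text in sources.items():
        findings.extend(scan_text(source, text))
    return findings


def redact(key: str) -> str:
    """Keep enough of the key to match it in the Cloud console without re-leaking it."""
    return f"{key[:8]}...{key[-4:]}"


def classify_probe_status(status: int) -> str:
    """Interpret the HTTP status the Gemini probe returned for a scraped key.

    Assumption (Google may change this): 200 means the project behind the key has
    the Gemini API enabled and the key is not restricted away from it; 403 means
    the API is not enabled on that project or the key's API restrictions exclude
    it; 400 means the key is invalid or has been revoked.
    """
    if status == 200:
        return "live"
    if status == 403:
        return "not-gemini"
    if status == 400:
        return "invalid"
    return f"unknown-{status}"


def probe_gemini(key: str, timeout: float = 10.0) -> str:
    """Network call (not exercised offline): list models with this key and classify."""
    req = urllib.request.Request(f"{GEMINI_MODELS_URL}?key={key}", method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_probe_status(resp.status)
    except urllib.error.HTTPError as err:
        return classify_probe_status(err.code)


# Constructed sample inputs (not from the article): a page embedding a Maps key in
# HTML the way Google's Maps docs instruct, and a front-end bundle that ships a
# Firebase config. Both keys are fabricated but have the real 39-character shape.
SAMPLE_SOURCES = {
    "index.html": (
        "<html><body>\n"
        '<script src="https://maps.googleapis.com/maps/api/js?key=AIzaSyA0b1C2d3E4f5G6h7I8j9K0l1M2n3O4p5Q"></script>\n'
        "</body></html>\n"
    ),
    "app.bundle.js": (
        "const firebaseConfig = {\n"
        '  apiKey: "AIzaSyB9x8W7v6U5t4S3r2Q1p0O-n_M-l_K-j_i",\n'
        '  projectId: "AIzaShort",  // too short to be a key; must not match\n'
        "};\n"
    ),
}


if __name__ == "__main__":
    for f in scan_sources(SAMPLE_SOURCES):
        print(f"{f.source}:{f.line_no}: {redact(f.key)}")
        # To learn whether a scraped key is really a Gemini credential:
        # print(probe_gemini(f.key))  # network call; only against keys you own
```

The probe distinguishes an exposed key from an exposed Gemini credential: the same key reads as "not-gemini" today and "live" the day someone on the project enables the API. Beyond rotation, Google Cloud API keys can be restricted to specific APIs (and browser keys to specific HTTP referrers); a Maps key restricted to the Maps APIs stays a Maps key when Gemini is later enabled on the project, which is the caveat the article's Maps-key scenario calls for.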
