Thousands of Gemini API Keys Exposed

Security researchers found approximately 3,000 publicly exposed Google API keys that could reach the Gemini API, exposing private data stored through it and allowing unauthorized use that left the key owners with unexpected charges. The investigation revealed that even some of Google's own API keys were affected after a recent change in how keys are scoped.

The core of the issue is a privilege escalation: Google API keys once considered safe to expose for public-facing services such as Maps now automatically gain access to the Gemini API as soon as that API is enabled on the same project. The change in key privilege happened silently, with no notification to developers, turning identifiers that had been harmless to publish into sensitive credentials.

Security firm Truffle Security uncovered the issue by scanning the November 2025 Common Crawl dataset, a large archive of web data. The scan identified 2,863 active Google API keys, including some belonging to major financial institutions and to Google's own infrastructure, that were publicly exposed and could now reach Gemini endpoints.

For years, Google's own documentation instructed developers to embed these API keys directly in client-side code for services such as Google Maps. That long-standing practice meant thousands of keys were already sitting in public JavaScript, and each became a ticking time bomb the moment its project enabled the Gemini API.

Exploitation is trivial: an attacker finds an exposed key in a website's source and uses it to call the Gemini API. That grants access to the files and cached-content endpoints, potentially exposing any data the project owner stored through the Gemini API. Unauthorized use can also run up significant costs, with the potential for thousands of dollars in daily charges on a single compromised account.

Truffle Security first notified Google of the issue on November 21, 2025. After an investigation, Google classified it as a "single-service privilege escalation" on January 13, 2026. In response, Google has begun proactively blocking leaked API keys from accessing the Gemini API and will send notifications when leaks are detected. New keys created in AI Studio are now restricted to the Gemini API by default, preventing this kind of unintended cross-service access.
The incident highlights the importance of API key management basics: never embed keys directly in code, and load them from environment variables or a secrets manager instead. Rotating keys regularly, deleting ones that are no longer needed, and applying least privilege by restricting each key to specific APIs, HTTP referrers, and IP addresses all limit the damage a leak can do. Developers can use tools such as TruffleHog to scan their own repositories and deployed assets for exposed keys.
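As an added example, not taken from the article or from Truffle Security's tooling, the script below does the first step a practitioner would take after reading this: it sweeps source text for strings shaped like Google API keys (the `AIza` prefix followed by 35 characters, the pattern scanners such as TruffleHog match on) and reports each hit with its location and a redacted form that is safe to paste into a ticket. The sample JavaScript and the key inside it are constructed for the demonstration; the key is not a real credential. The optional `probe_gemini_access` helper builds a request to the public Gemini ListModels endpoint so you can check whether a found key actually reaches Gemini; it is assumed here that a 200 means the key is accepted and a 4xx means it is blocked or restricted, and nothing below calls it automatically.

```python
import re
import urllib.error
import urllib.request
from pathlib import Path
from typing import Dict, Iterable, List, Optional

# Shape of a Google API key: "AIza" plus 35 characters from [A-Za-z0-9_-].
GOOGLE_API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_\-]{35}")

# Constructed sample key for the demo (39 characters, not a real credential).
SAMPLE_KEY = "AIza" + "Sy" + "x" * 33

# Constructed sample page script with one embedded key and one near miss.
SAMPLE_JS = (
    "// constructed sample page script, not real application code\n"
    f'const mapsKey = "{SAMPLE_KEY}"; // embedded for Google Maps JS\n'
    "fetch(`https://maps.googleapis.com/maps/api/js?key=${mapsKey}`);\n"
    'const notAKey = "AIza-too-short";\n'
)


def redact(key: str) -> str:
    """Keep enough of the key to recognise it in a report without reproducing it."""
    return f"{key[:8]}...{key[-4:]}"


def find_google_api_keys(text: str, source: str = "<input>") -> List[Dict[str, object]]:
    """Return one finding per key occurrence with 1-based line and column."""
    findings: List[Dict[str, object]] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in GOOGLE_API_KEY_RE.finditer(line):
            key = match.group(0)
            findings.append({
                "source": source,
                "line": line_no,
                "col": match.start() + 1,
                "key": key,
                "redacted": redact(key),
            })
    return findings


def scan_paths(root: Path, suffixes: Iterable[str] = (".js", ".html", ".json")) -> List[Dict[str, object]]:
    """Walk a checked-out repo or exported static site and scan matching files."""
    findings: List[Dict[str, object]] = []
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            try:
                text = path.read_text(encoding="utf-8", errors="replace")
            except OSError:
                continue
            findings.extend(find_google_api_keys(text, source=str(path)))
    return findings


def unique_keys(findings: List[Dict[str, object]]) -> List[str]:
    """The same key is often embedded on many pages; report each once."""
    seen: List[str] = []
    for finding in findings:
        key = str(finding["key"])
        if key not in seen:
            seen.append(key)
    return seen


def probe_gemini_access(key: str, timeout: float = 10.0) -> Optional[int]:
    """Return the HTTP status of a Gemini ListModels call with this key.

    Assumption for this example: 200 means the key is accepted by the Gemini API,
    a 4xx means it is blocked or restricted to other services. Performs a network
    request; only run it against keys you own.
    """
    url = f"https://generativelanguage.googleapis.com/v1beta/models?key={key}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    except urllib.error.URLError:
        return None


if __name__ == "__main__":
    for f in find_google_api_keys(SAMPLE_JS, source="sample.js"):
        print(f"{f['source']}:{f['line']}:{f['col']} {f['redacted']}")
```

Run it over a local checkout with `scan_paths(Path("."))`, or point it at an exported copy of your deployed static assets, since the keys that matter here are the ones shipped to browsers rather than the ones in the repository alone. A key that turns up should be treated as public: restrict it in the Google Cloud console to the APIs and referrers it actually needs, or rotate it and load the replacement from configuration rather than source.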

Shared from Scout - Be the smartest in the room.