Google 'Silent' API Change Creates Major Gemini Security Risk

The core of the vulnerability lies in a decade-old practice from Google, which instructed developers to treat API keys for services like Maps and YouTube as public, non-secret identifiers. These keys, often prefixed with "AIza," were safely embedded directly into client-side code for billing and project identification. This established a developer mindset and a legacy of publicly exposed keys that became a latent risk. The privilege escalation occurred when Google enabled the new Gemini (Generative Language) API on existing Google Cloud projects. This change silently upgraded the permissions of old, publicly visible API keys, turning them into authentication credentials for Gemini without any notification to the developers. A key created years ago for a map embed could suddenly access sensitive AI functions. Security firm Truffle Security discovered the flaw, reporting it to Google on November 21, 2025. Initially, the report was dismissed as "Intended Behavior," but after researchers provided examples from Google's own infrastructure, the issue was reclassified as a "Single-Service Privilege Escalation" bug on January 13, 2026. This highlights a critical disconnect in how API permissions are managed and communicated in evolving cloud ecosystems. A scan of the November 2025 Common Crawl dataset revealed 2,863 live, publicly exposed API keys that could now authenticate to Gemini. These keys belonged to a range of organizations, including major financial institutions, security firms, and even Google itself, demonstrating the widespread nature of the exposure. An attacker could simply view a website's source code to find a key. With a compromised key, an attacker could access private data uploaded to Gemini via `/files/` and `/cachedContents/` endpoints, run up significant charges on the victim's account, or exhaust their API quotas, causing a denial of service for legitimate applications. One Reddit user claimed a stolen key resulted in over $82,000 in fraudulent charges in just two days. The incident exposes the growing security risks in agentic AI architectures, where autonomous agents rely heavily on APIs to access data and execute tasks. Undocumented or "zombie" APIs, like these unintentionally empowered keys, create significant blind spots. As machine-to-machine communication increases, traditional security models focused on human behavior are becoming insufficient, necessitating a shift towards automated discovery and stricter governance of all API endpoints. In response, Google has begun to proactively block leaked keys from accessing the Gemini API and has committed to making new AI Studio keys default to Gemini-only scope. However, the company was still working on a root-cause fix as of the 90-day disclosure deadline on February 19, 2026, and researchers have urged Google to retroactively audit all existing keys and notify affected project owners.