Google API Key Change Exposes Private Gemini Data
A 'silent' change to Google's API authentication reportedly turned standard billing-identifier keys into credentials that could reach private Gemini AI project data. Because the change was undocumented, keys that organizations had already published on public websites gained access to sensitive data without anyone noticing, forcing enterprise users to scramble to audit and rotate keys. The incident highlights the risks of uncommunicated changes to API permissions and of platform trust.
For over a decade, Google's developer documentation instructed engineers to treat API keys with the "AIza" prefix as non-sensitive billing identifiers, safe to embed directly in client-side HTML and JavaScript. That guidance made publishing such keys routine, most visibly for services like Google Maps.

The problem arose when the Gemini API (the Generative Language API) was enabled on a Google Cloud project. Doing so silently extended the reach of existing API keys in that project, including ones already sitting on public websites, so that they now authenticated to Gemini. There was no notification and no confirmation dialog; a key created years earlier for a benign purpose like Maps could suddenly call sensitive AI model endpoints. Only keys already locked down with API restrictions in the Cloud console, which limit a key to named APIs, were shielded from the change, which is why auditing every key's restrictions, not just its exposure, matters.

Security research firm Truffle Security discovered the issue. Google initially dismissed the report as "Intended Behavior"; the researchers then produced evidence from Google's own infrastructure, and the issue was reclassified as a bug. Their scan of the November 2025 Common Crawl dataset uncovered 2,863 live, exposed Google API keys that could now authenticate to Gemini.

An attacker holding one of these unintentionally upgraded keys could read private data through the Gemini API, including uploaded files and cached content. The same key could also be used to make the attacker's own API calls, potentially racking up thousands of dollars in fraudulent charges on the victim's account; one Reddit user reported an $82,314.44 charge in just two days from a stolen key.

The exposed organizations included major financial institutions, security companies, and Google itself. Researchers demonstrated that a key publicly visible on one of Google's own product websites since at least February 2023 had gained full access to sensitive Gemini API endpoints without any developer intervention.

In response to the disclosure, Google began restricting the exposed keys from accessing the Gemini API and updated its roadmap with planned fixes.
These include making new keys created via AI Studio default to Gemini-only access, proactively blocking leaked keys, and notifying customers when a leak is detected.
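A concrete first step in the audit described above, as an added example that is not code from the article, from Google, or from Truffle Security: scan your own public pages and scripts for AIza-prefixed keys, record where each one is exposed, and probe whether the Gemini API accepts it. It assumes the well-known key shape (AIza followed by 35 characters from A-Z, a-z, 0-9, underscore and hyphen), and that the Generative Language API's public models-list endpoint returns HTTP 200 for a key it accepts and a non-200 status (400 for an invalid key, 403 for one it rejects) otherwise. The sample pages, their example.com URLs and the keys inside them are constructed for the example and are not real credentials.

```python
"""Find exposed Google API keys in client-side source and triage Gemini access.

Added example, not the article's or Truffle Security's code. The regex and the
200-means-accepted rule are assumptions stated in the lead-in; sample data is
constructed and the keys are fake.
"""
import re
import sys
import urllib.error
import urllib.request
from typing import Callable, Dict, List

# AIza + 35 chars of [A-Za-z0-9_-]; lookarounds instead of \b so a key that
# ends in '-' is still matched when followed by '&' or a quote.
GOOGLE_API_KEY_RE = re.compile(
    r"(?<![0-9A-Za-z_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])"
)
GEMINI_MODELS_URL = "https://generativelanguage.googleapis.com/v1beta/models"

# Constructed, non-functional keys of the right length (4 + 35 = 39 chars).
MAPS_KEY = "AIza" + "SyExampleMaps" + "0" * 21 + "1"
FIREBASE_KEY = "AIza" + "SyExampleFirebase" + "0" * 17 + "2"

# Constructed sample pages: a Maps embed and a bundled JS config (hypothetical URLs).
SAMPLE_PAGES: Dict[str, str] = {
    "https://example.com/store-locator": f"""
      <script async
        src="https://maps.googleapis.com/maps/api/js?key={MAPS_KEY}&callback=initMap">
      </script>""",
    "https://example.com/app.js": f"""
      const firebaseConfig = {{ apiKey: "{FIREBASE_KEY}" }};
      fetch("https://maps.googleapis.com/maps/api/js?key={MAPS_KEY}");""",
}


def find_google_api_keys(text: str) -> List[str]:
    """Return the distinct AIza-prefixed keys in text, in first-seen order."""
    found: List[str] = []
    for match in GOOGLE_API_KEY_RE.finditer(text):
        if match.group(0) not in found:
            found.append(match.group(0))
    return found


def scan_pages(pages: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each exposed key to the URLs it appears on."""
    exposure: Dict[str, List[str]] = {}
    for url, body in pages.items():
        for key in find_google_api_keys(body):
            exposure.setdefault(key, []).append(url)
    return exposure


def http_status(url: str, timeout: float = 10.0) -> int:
    """Live probe: GET the URL and return the HTTP status, 4xx/5xx included."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def gemini_accepts_key(key: str, status_of: Callable[[str], int] = http_status) -> bool:
    """True when the Generative Language API lists models for this key.

    status_of is injectable so the logic can be exercised offline with a fake.
    """
    return status_of(f"{GEMINI_MODELS_URL}?key={key}") == 200


def triage(pages: Dict[str, str], status_of: Callable[[str], int] = http_status) -> Dict[str, dict]:
    """Return {key: {"urls": [...], "gemini": bool}} for every exposed key."""
    report: Dict[str, dict] = {}
    for key, urls in scan_pages(pages).items():
        report[key] = {"urls": urls, "gemini": gemini_accepts_key(key, status_of)}
    return report


if __name__ == "__main__":
    # Offline by default (every key reported as not accepted); pass --live to
    # really probe the endpoint with the keys found.
    probe = http_status if "--live" in sys.argv else (lambda url: 403)
    for key, info in triage(SAMPLE_PAGES, probe).items():
        flag = "GEMINI-ACCESS" if info["gemini"] else "no gemini access"
        print(f"{key[:8]}... {flag} exposed on {', '.join(info['urls'])}")
```

Run it against a crawl of your own domains rather than the constructed sample; any key the report flags as GEMINI-ACCESS has been public and should be treated as compromised: rotate it, and give the replacement API restrictions so a Maps key can never reach the Generative Language API again. Keys that merely show up in the report are still worth restricting, since the next silently enabled API could repeat the pattern.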