- Exposed Google API keys allow attackers to run unlimited Gemini AI requests
- Developers experience severe financial losses due to unauthorized access to AI infrastructure
- Hardcoded credentials elevate public identifiers to active authentication tokens for Gemini AI
Developers face serious consequences as exposed Google API keys are exploited to access Gemini AI without permission, leading to significant financial losses, experts have warned.
Security researchers from CloudSek found that the root cause of these incidents lies in the accidental elevation of publicly available API keys to live Gemini AI credentials.
Many developers have long embedded keys for services like Maps or Firebase in public applications, following Google’s official guidance — never anticipating that those keys would gain access to the AI infrastructure.
The article continues below
Increasing publicly available API keys is the main reason
One case involved a solo developer whose startup nearly collapsed after an attacker used a publicly available key to flood Gemini AI with shutdown requests.
The developer revoked the key within minutes of receiving a billing warning, but due to a reporting delay in Google Cloud’s billing system, fees had already reached $15,400.
Similarly, a Japanese company experienced approximately $128,000 in unauthorized Gemini API usage, despite firewall-level IP restrictions.
A small development team in Mexico also saw a raise of $82,314 in just 48 hours, a dramatic 455x increase over typical spend.
“This issue did not stem from developer negligence; the implementations were in compliance with Google’s prescribed guidelines,” said Tuhin Bose, cybersecurity researcher at CloudSEK.
He explained that the architecture effectively converted non-sensitive identifiers into authentication tokens, creating a systemic vulnerability across numerous applications.
CloudSEK’s research identified 32 exposed Google API keys across 22 Android applications with a combined install base of over 500 million users.
The affected apps include household names such as OYO Hotel Booking App, Google Pay for Business, Taobao and ELSA Speak.
Researchers confirmed data exposure in ELSA Speak when they accessed user-submitted audio files via the Gemini Files API.
The vulnerability allows attackers to make unlimited Gemini API calls, access sensitive user data, and exhaust organizational API quotas.
It can also persist through app update cycles, severely affecting both developers and end users.
Developers who had followed Google’s lead now unwittingly have live credentials for powerful AI tools without notification or opt-in prompts.
Technical measures such as revocation of keys and restriction of project permissions can reduce exposure.
However, the financial and operational impact on developers is significant, suggesting that current practices for managing API keys and AI integrations require immediate reevaluation.
Exposure of hard-coded credentials demonstrates the risks associated with assuming backward compatibility for modern AI-enabled cloud services.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
