Google API Keys Expose Gemini AI Endpoints in Legacy Security Flaw
Security researchers at Truffle Security uncovered a critical vulnerability in Google’s API key architecture: legacy public-facing keys originally issued for low-risk services such as Google Maps can silently gain unauthorized access to Gemini AI endpoints. An attacker holding an exposed key can use it to read private files and cached data and to trigger costly AI queries without detection.
The issue stems from insecure defaults in Google Cloud Platform (GCP). When developers enable the Generative Language API on an existing project, previously public API keys, once considered safe for client-side use, are automatically upgraded into sensitive credentials with unrestricted access. Because Google uses a single key format for both public identification and authentication, there is no separation between low-risk and high-risk environments.
Exploitation is straightforward: attackers can scrape exposed keys from public code repositories and use them to query Gemini, potentially stealing data or incurring thousands in billable AI usage. The flaw affects thousands of websites, because many developers followed Google’s past guidance and embedded API keys directly in client-side code.
Google is mitigating the issue by defaulting new keys created in AI Studio to Gemini-only access and by blocking known leaked credentials. Organizations, however, must still audit their projects for unrestricted keys and rotate exposed credentials to prevent exploitation. The incident underscores the risks of retrofitting modern AI capabilities onto outdated cloud security models.
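The audit step recommended above can be scripted against the key inventory of a project. The following is an added example, not code from the article, from Truffle Security or from Google: it reads the JSON emitted by `gcloud services api-keys list --format=json` (assumed to follow the API Keys API v2 `Key` resource, with `displayName`, `uid` and `restrictions.apiTargets[].service`, `restrictions.browserKeyRestrictions` and similar fields) and flags two patterns the article describes: keys with no API restriction, which become Gemini credentials as soon as the Generative Language API is enabled, and client-side keys that can reach Gemini at all. The sample key list is constructed and every uid is a placeholder; `load_project_keys` is provided for live use but is not called.

```python
"""Audit of GCP API-key restrictions for the failure mode described above.

Added example; this is not Truffle Security's tooling, nor Google's code.
It reads the JSON that ``gcloud services api-keys list --format=json`` emits
(assumed to follow the API Keys API v2 ``Key`` resource: displayName, uid,
restrictions.apiTargets[].service, restrictions.browserKeyRestrictions, ...).
The sample keys below are constructed; every uid is a placeholder.
"""
from __future__ import annotations

import json
import subprocess

# Service name of the Gemini API. A key with no apiTargets restriction becomes
# valid for it the moment the API is enabled on the project.
GEMINI_SERVICE = "generativelanguage.googleapis.com"

# Application restrictions that mark a key as intended for client-side use.
CLIENT_RESTRICTIONS = (
    "browserKeyRestrictions",
    "androidKeyRestrictions",
    "iosKeyRestrictions",
)

# Constructed sample in the shape of `gcloud services api-keys list --format=json`.
SAMPLE_KEYS_JSON = """
[
  {"displayName": "maps-web-key", "uid": "placeholder-uid-0001",
   "restrictions": {
     "browserKeyRestrictions": {"allowedReferrers": ["https://example.com/*"]},
     "apiTargets": [{"service": "maps-backend.googleapis.com"}]}},
  {"displayName": "legacy-browser-key", "uid": "placeholder-uid-0002",
   "restrictions": {"browserKeyRestrictions": {"allowedReferrers": ["*"]}}},
  {"displayName": "gemini-backend-key", "uid": "placeholder-uid-0003",
   "restrictions": {
     "serverKeyRestrictions": {"allowedIps": ["203.0.113.10"]},
     "apiTargets": [{"service": "generativelanguage.googleapis.com"}]}},
  {"displayName": "unnamed-key", "uid": "placeholder-uid-0004"}
]
"""


def classify_key(key: dict) -> list[str]:
    """Return the findings for one key; an empty list means nothing to flag."""
    findings: list[str] = []
    restrictions = key.get("restrictions") or {}
    targets = {t.get("service") for t in restrictions.get("apiTargets", [])}
    client_side = any(r in restrictions for r in CLIENT_RESTRICTIONS)

    if not targets:
        # No API restriction: the key works for every API enabled on the
        # project, so enabling the Generative Language API later silently
        # turns it into a Gemini credential.
        findings.append("unrestricted: valid for every enabled API, including Gemini")
    if client_side and (not targets or GEMINI_SERVICE in targets):
        # A key meant to be embedded in a browser or app must never be able
        # to reach Gemini; rotate it and issue a separate server-only key.
        findings.append("client-side key that can reach Gemini: rotate and split")
    return findings


def audit_keys(keys_json: str) -> dict[str, list[str]]:
    """Map each key's display name (or uid when unnamed) to its findings."""
    keys = json.loads(keys_json)
    return {k.get("displayName") or k["uid"]: classify_key(k) for k in keys}


def load_project_keys(project: str) -> str:
    """Fetch the live key list for a project via the gcloud CLI (not run here)."""
    cmd = ["gcloud", "services", "api-keys", "list",
           "--project", project, "--format=json"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    for name, findings in audit_keys(SAMPLE_KEYS_JSON).items():
        status = "; ".join(findings) if findings else "ok"
        print(f"{name}: {status}")
```

In the sample, `maps-web-key` passes because its API restriction excludes Gemini even though it is a browser key, and `gemini-backend-key` passes because it is pinned to a server IP and to the Gemini service only; the two flagged keys are the ones the article warns about. Replacing `SAMPLE_KEYS_JSON` with `load_project_keys("my-project")` runs the same check against a real project; the `apiTargets` restriction is the control that keeps a legacy key from widening when a new API is enabled.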
Source: https://gbhackers.com/google-api-keys-leak-sensitive-data/
Google Cloud cybersecurity rating report: https://www.rankiteo.com/company/google-cloud
"id": "GOO1772173606",
"linkid": "google-cloud",
"type": "Vulnerability",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Thousands of websites and developers',
                        'industry': 'Technology/Cloud Services',
                        'location': 'Global',
                        'name': 'Google',
                        'size': 'Large Enterprise',
                        'type': 'Technology Company'}],
 'attack_vector': 'Exposed API Keys',
 'data_breach': {'sensitivity_of_data': 'High (AI-related data)',
                 'type_of_data_compromised': 'Private files, cached data'},
 'description': 'Security researchers at Truffle Security uncovered a critical vulnerability in Google’s API key architecture, where legacy public-facing keys originally designed for low-risk services like Google Maps can silently gain unauthorized access to Gemini AI endpoints. This flaw allows attackers to exploit exposed keys, accessing private files, cached data, and triggering costly AI queries without detection.',
 'impact': {'brand_reputation_impact': 'Risk of brand reputation damage due to data exposure',
            'data_compromised': 'Private files, cached data',
            'financial_loss': 'Thousands in billable AI usage',
            'operational_impact': 'Unauthorized access to AI endpoints',
            'systems_affected': 'Gemini AI endpoints, Google Cloud Platform projects'},
 'lessons_learned': 'Risks of retrofitting modern AI capabilities onto outdated cloud security models, importance of key separation for low-risk and high-risk environments',
 'post_incident_analysis': {'corrective_actions': 'Defaulting new keys to Gemini-only access, blocking leaked credentials, auditing and rotating exposed keys',
                            'root_causes': 'Insecure defaults in Google Cloud Platform (GCP) API key architecture, single key format for both public identification and authentication, lack of separation between low-risk and high-risk environments'},
 'recommendations': 'Audit projects for unrestricted API keys, rotate exposed credentials, follow updated security best practices for API key management',
 'references': [{'source': 'Truffle Security'}],
 'response': {'containment_measures': 'Defaulting new keys in AI Studio to Gemini-only access, blocking known leaked credentials',
              'remediation_measures': 'Auditing projects for unrestricted keys, rotating exposed credentials'},
 'title': 'Google API Keys Expose Gemini AI Endpoints in Legacy Security Flaw',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Insecure defaults in Google Cloud Platform (GCP) API key architecture'}