Previously harmless Google API keys now expose Gemini AI data
Source: Bleeping Computer

Google API keys for services like Maps, embedded in publicly accessible client‑side code, could be used to authenticate to the Gemini AI assistant and access private data. Researchers found nearly 3,000 such keys while scanning internet pages from organizations in various sectors, and even from Google itself.
The problem emerged when Google introduced its Gemini assistant and developers started enabling the LLM API in projects. Before this, Google Cloud API keys were not considered sensitive data and could be exposed online without risk.
Developers can use API keys to extend functionality in a project—loading Maps on a website, embedding YouTube videos, usage tracking, or accessing Firebase services. When Gemini was introduced, Google Cloud API keys also acted as authentication credentials for Google’s AI assistant.
Issue Overview
Researchers at TruffleSecurity discovered that attackers could copy an exposed API key from a website’s page source and access private data available through the Gemini API service. Since using the Gemini API is not free, an attacker could make costly API calls on a victim’s account.
“Depending on the model and context window, a threat actor maxing out API calls could generate thousands of dollars in charges per day on a single victim account,” — Truffle Security.
The researchers warn that these API keys have been sitting exposed in public JavaScript code for years, and now they have suddenly gained more dangerous privileges without anyone noticing.

Source: TruffleSecurity
Research Findings
- TruffleSecurity scanned the November 2025 Common Crawl dataset—a representative snapshot of the most popular sites—and found more than 2,800 live Google API keys publicly exposed in code.
- Some of the keys were used by major financial institutions, security companies, and recruiting firms.
- One key, which at the time served only as a project identifier, had been deployed since at least February 2023 and was embedded in the page source of a Google product’s public‑facing website.

Google’s exposed key – Source: TruffleSecurity
Truffle Security tested the key by calling the Gemini API’s /models endpoint and listing available models.
The researchers informed Google of the problem on November 21, 2025. After a long exchange, Google classified the flaw as “single‑service privilege escalation” on January 13, 2026.
Google’s Response
In a statement to BleepingComputer, Google said it is aware of the report and has “worked with the researchers to address the issue.” A Google spokesperson added:
“We have already implemented proactive measures to detect and block leaked API keys that attempt to access the Gemini API.”
Google announced that:
- New AI Studio keys will default to Gemini‑only scope.
- Leaked API keys will be blocked from accessing Gemini.
- Proactive notifications will be sent when leaks are detected.
Recommendations for Developers
- Check whether Gemini (Generative Language API) is enabled on your projects.
- Audit all API keys in your environment to determine if any are publicly exposed.
- Rotate exposed keys immediately.
- Use the open‑source tool TruffleHog to detect live, exposed keys in code and repositories.
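The audit step above (find every Google API key that ships to the browser, then decide which ones need rotating or restricting) can be scripted. The following is an added example written for this page, not code from Bleeping Computer, Truffle Security, or the TruffleHog project. It assumes the well‑known shape of Google Cloud API keys (the prefix "AIza" followed by 35 characters from the set A‑Z, a‑z, 0‑9, "_", "-"), and the two web assets it scans are constructed samples that stand in for a site’s HTML and JavaScript bundle. A hit only proves the key is exposed client‑side; whether it is over‑privileged depends on whether the Generative Language API is enabled in that project and on the key’s API restrictions, which you check in the Cloud console or with `gcloud services list --enabled`.

```python
import re
from dataclasses import dataclass

# Assumed key shape: literal "AIza" + 35 chars of [A-Za-z0-9_-], 39 chars total.
# Lookarounds stop a longer token that merely contains that prefix from matching.
GOOGLE_API_KEY_RE = re.compile(
    r"(?<![0-9A-Za-z_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])"
)


@dataclass(frozen=True)
class Finding:
    key: str       # the exposed key, verbatim (mask before logging/sharing)
    source: str    # label of the asset it was found in (file name or URL)
    line: int      # 1-based line number inside that asset
    context: str   # the surrounding line, trimmed, for triage


def scan_text(text: str, source: str) -> list[Finding]:
    """Return every Google API key found in one asset, with its location."""
    found = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in GOOGLE_API_KEY_RE.finditer(line):
            found.append(Finding(match.group(0), source, lineno, line.strip()))
    return found


def scan_assets(assets: dict[str, str]) -> list[Finding]:
    """Scan a mapping of {asset label: content} and concatenate the findings."""
    results = []
    for label, content in assets.items():
        results.extend(scan_text(content, label))
    return results


def unique_keys(findings: list[Finding]) -> list[str]:
    """One rotation ticket per key, even if it appears in several assets."""
    return sorted({f.key for f in findings})


def masked(key: str) -> str:
    """Show enough of a key to correlate with the Cloud console, no more."""
    return key[:8] + "..." + key[-4:]


# --- constructed sample assets (hypothetical site, hypothetical keys) ---------
FAKE_MAPS_KEY = "AIza" + "SyFakeMapsKey1".ljust(35, "0")      # 39 chars
FAKE_FIREBASE_KEY = "AIza" + "SyFakeFirebase2".ljust(35, "0")  # 39 chars

SAMPLE_ASSETS = {
    "index.html": f"""<!doctype html>
<html><head>
<script src="https://maps.googleapis.com/maps/api/js?key={FAKE_MAPS_KEY}&callback=initMap"></script>
</head><body>AIzaShortNotAKey</body></html>""",
    "app.bundle.js": f"""const firebaseConfig = {{ apiKey: "{FAKE_FIREBASE_KEY}", projectId: "demo-project" }};
// legacy Maps loader still referenced here as well
loadMaps("{FAKE_MAPS_KEY}");""",
}


def run_example() -> list[Finding]:
    """Scan the constructed assets and print a masked triage report."""
    findings = scan_assets(SAMPLE_ASSETS)
    for key in unique_keys(findings):
        places = [f"{f.source}:{f.line}" for f in findings if f.key == key]
        print(f"{masked(key)}  exposed in {', '.join(places)}")
    return findings


if __name__ == "__main__":
    run_example()
```

Run it against real assets by replacing `SAMPLE_ASSETS` with the fetched contents of your site’s pages and script bundles; the report lists each distinct key once, with every location it must be removed from after rotation.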
