Security & Infrastructure Tools
Previously harmless Google API keys now expose Gemini AI data
Google’s new Gemini AI has turned previously harmless public Google API keys into working credentials for the assistant’s API, letting attackers read data and run up usage charges under the key owner’s project. TruffleSecurity uncovered nearly 3,000 exposed keys across many sites, including major firms, and warned that these keys can be used to call Gemini’s API and consume its paid services. After TruffleSecurity reported the issue, Google classified it as a privilege escalation flaw, began proactively blocking leaked keys from reaching Gemini, and advised developers to audit and rotate any publicly exposed keys immediately.

Google’s recent launch of its Gemini AI assistant has turned what was once a harmless practice—embedding Google API keys in client‑side code—into a serious security threat. Researchers from TruffleSecurity scanned the November 2025 Common Crawl dataset, uncovering more than 2,800 publicly exposed Google API keys that had been embedded in JavaScript on popular sites for years.
Until Gemini’s introduction, these keys were treated as “non‑sensitive” and were routinely shared: they identify a Google Cloud project and unlock services such as Maps, YouTube embeds, Firebase analytics, or other Cloud APIs. A Google API key is not bound to any one service unless the developer adds an API restriction, so once a project can reach the new Generative Language API, the same key that was embedded for Maps also authenticates calls to Gemini.
A single exposed key can be copied from a web page’s source code and used to call the Gemini endpoint directly, granting access to whatever data the key’s project holds behind that API. Gemini usage is billed per request, so an attacker can make thousands of calls a day with the victim’s key, and every one of those charges lands on the victim’s project.
TruffleSecurity reported the issue to Google in November 2025, and Google subsequently classified it as a “single‑service privilege escalation” flaw. Google has acknowledged the problem and is rolling out proactive measures: new AI Studio keys will default to Gemini‑only scope, leaked keys will be blocked from accessing Gemini, and alerts will be sent when leaks are detected.
Developers should audit their environments for publicly exposed API keys, especially in projects that may have enabled the Generative Language API. Rotate any exposed key immediately, remove keys from client‑side code (Gemini calls belong behind a server you control), and restrict every new key to only the services it needs and, for keys that must stay in the browser, to the HTTP referrers that should be using it. The open‑source tool TruffleHog (https://github.com/trufflesecurity/trufflehog) can scan code repositories and live deployments for exposed credentials.
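The audit described above, as an added example that is not TruffleSecurity’s, TruffleHog’s or Google’s code: it pulls Google API key candidates out of JavaScript or HTML (the 39‑character `AIza…` format) and classifies each one by asking the Gemini API’s read‑only model‑listing endpoint whether it accepts the key. The key, the JavaScript snippet and the HTTP responses in the test are constructed; the mapping of HTTP 400/403 to “rejected” is an assumption about how Google refuses invalid, restricted or blocked keys. Probe only keys that belong to projects you own.

```python
"""Added example: find embedded Google API keys and check whether the
Gemini (Generative Language) API accepts them. Not code from the page's
subjects. Run the network probe only against keys you own."""
from __future__ import annotations

import json
import re
import sys
import urllib.error
import urllib.request

# Google API keys are 39 characters: the literal prefix "AIza" followed by 35
# characters from [0-9A-Za-z_-]. The lookarounds avoid matching a key that is
# merely a substring of a longer token.
KEY_RE = re.compile(r"(?<![0-9A-Za-z_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])")

# Documented Gemini endpoint that lists models. It is read-only and does not
# generate content, so probing it with your own key costs nothing.
MODELS_URL = "https://generativelanguage.googleapis.com/v1beta/models?key="

# Constructed sample key (not real): "AIza" + "Sy" + 33 filler characters = 39.
FAKE_KEY = "AIza" + "Sy" + "X" * 33

# Constructed snippet imitating a Maps key shipped to the browser.
SAMPLE_JS = f"""
var MAPS_KEY = "{FAKE_KEY}";
loadScript("https://maps.googleapis.com/maps/api/js?key=" + MAPS_KEY);
var notAKey = "AIzaTooShort";
"""


def find_google_api_keys(text: str) -> list[str]:
    """Return distinct Google API key candidates in text, in first-seen order."""
    seen: dict[str, None] = {}
    for m in KEY_RE.finditer(text):
        seen.setdefault(m.group(0), None)
    return list(seen)


def _http_get(url: str) -> tuple[int, str]:
    """GET url and return (status, body); HTTP error responses are returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")


def classify_gemini_access(key: str, fetch=_http_get) -> str:
    """Classify a key's standing with the Gemini API.

    'accepted' -> the key lists models, so it can also be billed for generateContent
    'rejected' -> Google refused it (assumed: invalid, API-restricted, or blocked)
    'unknown'  -> any other response
    `fetch` is injectable so the logic can be exercised offline.
    """
    status, body = fetch(MODELS_URL + key)
    if status == 200:
        try:
            if "models" in json.loads(body):
                return "accepted"
        except json.JSONDecodeError:
            return "unknown"
    if status in (400, 403):  # assumed refusal codes
        return "rejected"
    return "unknown"


def scan_files(paths: list[str]) -> None:
    """Scan files and print a redacted prefix of each key with its Gemini status."""
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as f:
            for key in find_google_api_keys(f.read()):
                # Redact: a scanner's own output should not leak the key again.
                print(f"{path}: {key[:8]}... -> {classify_gemini_access(key)}")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        scan_files(sys.argv[1:])  # performs live probes against the Gemini API
    else:
        # Offline demo on the constructed snippet; no network call is made.
        print(find_google_api_keys(SAMPLE_JS))
```

Run it with one or more saved JavaScript bundles as arguments to probe the keys they contain; with no arguments it only runs the regex over the constructed snippet. An `accepted` result on a key that also serves Maps in the browser is exactly the condition described above: rotate it, then re‑issue it with an API restriction so a leaked copy is refused by the Generative Language API even if the project has that API enabled.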
In short, a practice that was benign for years has become a vector for costly attacks. Disciplined key management and early detection of leaks are now essential to protect project data and avoid unexpected Gemini charges.