- Exposed Google API keys allow attackers to execute unlimited Gemini AI requests
- Developers experience serious financial losses due to unauthorized access to AI infrastructure
- Encrypted credentials convert public identifiers into active authentication tokens for Gemini AI
Developers face serious consequences as exposed Google API keys are exploited to access Gemini AI without authorization, resulting in significant financial losses, experts warned.
CloudSEK security researchers discovered that the root cause of these incidents lies in the inadvertent elevation of publicly available API keys to active Gemini AI credentials.
Many developers have long built keys for services like Maps or Firebase into public apps, following Google's official guidance, without anticipating that these keys would gain access to AI infrastructure.
The main cause is the increase in publicly available API keys
One case involved a solo developer whose startup nearly went under after an attacker used a public access key to flood Gemini AI with inference requests.
The developer revoked the key within minutes of receiving a billing alert, but due to a reporting delay in Google Cloud's billing system, the charges had already reached $15,400.
Similarly, a Japanese company experienced approximately $128,000 in unauthorized use of the Gemini API, despite firewall-level IP restrictions.
Additionally, a small development team in Mexico was billed $82,314 in just 48 hours, a dramatic 455x increase over its typical spend.
“This issue is not due to developer negligence; the implementations complied with the guidelines prescribed by Google,” said Tuhin Bose, cybersecurity researcher at CloudSEK.
He explained that the architecture effectively converted non-sensitive identifiers into authentication tokens, creating a systemic vulnerability in numerous applications.
CloudSEK's investigation identified 32 Google API keys exposed in 22 Android apps with a combined install base exceeding 500 million users.
The affected apps include well-known names such as OYO Hotel Booking App, Google Pay for Business, Taobao and ELSA Speak.
Researchers confirmed the data exposure in ELSA Speak when they accessed audio files submitted by users through the Gemini Files API.
The vulnerability allows attackers to make unlimited calls to the Gemini API, access sensitive user data, and exhaust the organization's API quotas.
The exposure can also persist across application update cycles, severely impacting both developers and end users.
Developers who had followed Google's instructions now unknowingly hold active credentials for powerful AI tools, without any notification or opt-in.
Technical measures such as revoking keys and restricting project permissions can mitigate exposure.
However, the financial and operational impact for developers is substantial, suggesting that current practices for handling API keys and AI integrations require immediate reassessment.
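The two mitigations named above, revoking exposed keys and restricting what they may call, both start with an inventory: which keys are baked into the shipped app, and which of those carry no API restriction (an unrestricted key is accepted by any API enabled on the project, including the Generative Language API behind Gemini). The following audit script is an added example for this article, not code from CloudSEK, Google or TechRadar. It assumes Google API keys match the familiar `AIza...` 39-character pattern, that the Gemini API is served as `generativelanguage.googleapis.com`, and that the key inventory follows a simplified form of the API Keys API `Key` resource (`restrictions.apiTargets[].service`) with the key string attached by the auditor; the decompiled resource snippet and the key records are constructed sample data.

```python
import re

# Assumption: Google API keys (Maps, Firebase, etc.) are "AIza" plus 35 URL-safe characters.
GOOGLE_API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_-]{35}")

# Assumption: the Gemini API is exposed as the Generative Language service.
GEMINI_SERVICE = "generativelanguage.googleapis.com"


def find_embedded_keys(text):
    """Return every distinct Google API key string found in decompiled app text."""
    return sorted(set(GOOGLE_API_KEY_RE.findall(text)))


def classify_restrictions(restrictions):
    """Classify a key's API restriction block as it relates to Gemini access.

    Returns (status, reason). An empty apiTargets list means no API restriction
    at all, which is the configuration that lets a Maps/Firebase key reach Gemini.
    """
    targets = [t.get("service", "") for t in restrictions.get("apiTargets", [])]
    if not targets:
        return ("unrestricted",
                "no API restriction: any enabled API, including the Gemini API, accepts this key")
    if GEMINI_SERVICE in targets:
        return ("gemini-allowed", "API restriction explicitly includes the Gemini API")
    return ("restricted", "API restriction excludes the Gemini API: " + ", ".join(targets))


def audit_embedded_keys(decompiled_text, key_records):
    """Cross-reference keys found in the app against the project's key inventory.

    key_records: list of dicts shaped like {"displayName": ..., "keyString": ...,
    "restrictions": {"apiTargets": [{"service": ...}], ...}} (assumed shape).
    Keys present in the app but absent from the inventory are reported as
    "unknown" so they can be tracked down and revoked.
    """
    inventory = {rec["keyString"]: rec for rec in key_records}
    findings = []
    for key in find_embedded_keys(decompiled_text):
        rec = inventory.get(key)
        if rec is None:
            status, reason = "unknown", "key is not in the project inventory; locate and revoke it"
            name = None
        else:
            status, reason = classify_restrictions(rec.get("restrictions", {}))
            name = rec.get("displayName")
        findings.append({
            "key_suffix": key[-4:],   # never echo the full key into logs or tickets
            "display_name": name,
            "status": status,
            "reason": reason,
        })
    return findings


# --- constructed sample data (not from any real app or project) ---------------
KEY_A = "AIza" + "SyCONSTRUCTEDKEYA".ljust(35, "0")
KEY_B = "AIza" + "SyCONSTRUCTEDKEYB".ljust(35, "0")

SAMPLE_DECOMPILED = f"""
<string name="google_maps_key">{KEY_A}</string>
<string name="firebase_api_key">{KEY_B}</string>
<string name="app_name">Example App</string>
"""

SAMPLE_KEY_RECORDS = [
    {
        "displayName": "maps-browser-key",
        "keyString": KEY_A,
        "restrictions": {"apiTargets": [{"service": "maps-backend.googleapis.com"}]},
    },
    {
        "displayName": "firebase-key",
        "keyString": KEY_B,
        "restrictions": {},   # no apiTargets: this is the risky configuration
    },
]

if __name__ == "__main__":
    for f in audit_embedded_keys(SAMPLE_DECOMPILED, SAMPLE_KEY_RECORDS):
        print(f"...{f['key_suffix']}  {f['display_name']!s:18} {f['status']:15} {f['reason']}")
```

In practice the decompiled text would come from the APK's `strings.xml` and any embedded config files, and the inventory from the project's API key listing; any key reported as `unrestricted` or `unknown` is a candidate for immediate revocation, and the remaining keys should be pinned to exactly the services the app needs.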
The exposure of encrypted credentials demonstrates the risks inherent in assuming backward compatibility with modern AI-enabled cloud services.