Gemini AI Data Exposure via Public Google API Keys

Key Findings

Nearly 3,000 Google API keys (identified by the prefix "AIza") were found embedded in client-side code, providing access to sensitive Gemini endpoints and private data.
The problem occurs when users enable the Gemini API on a Google Cloud project, causing the existing API keys in that project to gain access to Gemini endpoints without any warning or notice.
Creating a new API key in Google Cloud defaults to "Unrestricted," meaning it's applicable for every enabled API in the project, including Gemini.
The disclosure comes as Quokka published a similar report, finding over 35,000 unique Google API keys embedded in its scan of 250,000 Android apps.
Google has implemented proactive measures to detect and block leaked API keys that attempt to access the Gemini API.

Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data.
The findings were discovered by Truffle Security, a security research company.
The issue allows any attacker who scrapes websites to get hold of such API keys and use them for nefarious purposes and quota theft, including accessing sensitive files via the /files and /cachedContents endpoints, as well as making Gemini API calls, racking up huge bills for the victims.

With a valid key, an attacker can access uploaded files, cached data, and charge LLM-usage to your account.
The keys "now also authenticate to Gemini even though they were never intended for it."
This effectively allows any attacker who scrapes websites to get hold of such API keys and use them for nefarious purposes and quota theft.

Google has stepped in to address the problem and has implemented proactive measures to detect and block leaked API keys that attempt to access the Gemini API.
The company said it is aware of the issue and has worked with the researchers to address it, as protecting users' data and infrastructure is a top priority.
However, it's currently not known if this issue was ever exploited in the wild.

Users who have set up Google Cloud projects are advised to check their APIs and services, and verify if artificial intelligence (AI)-related APIs are enabled.
If the keys are publicly accessible (either in client-side JavaScript or checked into a public repository), users should make sure the keys are rotated, starting with the oldest keys first.
This is a great example of how risk is dynamic, and how APIs can be over-permissioned after the fact, highlighting the need for continuous security testing, vulnerability scanning, and behavior profiling to identify anomalies and actively block malicious activity.