Google API Keys Can Now Access Gemini — A Security Wake-Up Call

March 6, 2026 · Martin Bowling

Your Google API key may no longer be harmless

For over a decade, Google told developers that API keys — the credentials embedded in website code to access services like Google Maps or Firebase — were not sensitive secrets. That changed quietly when Google enabled Gemini access through those same keys. If your business uses any Google Cloud service, this affects you.

What happened

Security researchers at Truffle Security scanned millions of websites and found nearly 3,000 Google API keys — originally deployed for public services like Maps — that now also authenticate to Google’s Gemini AI endpoints. The keys were never intended for AI access. They gained it silently when the Generative Language API (Gemini) was enabled on the same Google Cloud project.

No warning. No confirmation dialog. No email notification to the developer.

Key facts

  • 3,000 exposed keys found on public websites belonging to financial institutions, security companies, recruiting firms, and Google itself
  • With a valid key, an attacker can access uploaded files, cached data, and rack up charges on your account
  • One Reddit user reported an $82,314 bill from a stolen key — up from a typical $180/month spend
  • PromptSpy, the first documented Android malware to steal Gemini API keys, confirmed this attack vector is already being exploited in the wild
  • Google initially classified the behavior as “intended,” then reclassified it as a Tier 1 vulnerability after Truffle Security pushed back

Why this matters if you use any Google services

The silent privilege escalation

The root cause is straightforward. New API keys in Google Cloud default to “Unrestricted” — meaning they can access every enabled API in the project. When a developer enables Gemini on a project that already has Maps or Firebase keys deployed in public-facing code, those existing keys silently inherit Gemini access.

This is not a theoretical risk. Eighty-one percent of small businesses suffered a security breach in the past year, and credential exposure is one of the most common causes. If you hired a web developer to build your site five years ago and they left a Google Maps API key in the source code, that key might now grant access to your Gemini-powered AI tools, uploaded training data, and billing account.

For small businesses specifically

This matters more for small businesses than enterprises for a simple reason: smaller teams have less visibility into their cloud configurations.

  • If you use Google Maps on your website, the API key is likely visible in your page source. Check whether Gemini is also enabled on that project.
  • If you use Firebase for your app, those keys are public by design. If someone later enabled Gemini on the same project, you have an exposure.
  • If a contractor set up your Google Cloud account, you may not know what APIs are enabled or how keys are scoped.

An $82,000 bill would be devastating for any small business. Even a few hundred dollars in unauthorized Gemini API charges adds up fast when margins are tight.

How to check if your keys are exposed

You do not need to be a security expert to audit this. Here is what to do:

  1. Log into Google Cloud Console at console.cloud.google.com and navigate to APIs & Services > Credentials
  2. Review each API key — click on each one and check its “API restrictions.” If it says “Don’t restrict key,” that key can access every enabled API, including Gemini
  3. Check enabled APIs — go to APIs & Services > Enabled APIs and look for “Generative Language API.” If it is enabled and you have unrestricted keys, you have an exposure
  4. Restrict your keys — set each key to only access the specific APIs it needs. A Maps key should only access the Maps API. A Firebase key should only access Firebase services
  5. Rotate exposed keys — if any unrestricted key has been in public code (website source, GitHub repos, client-side JavaScript), generate a new restricted key and revoke the old one

For a more thorough scan, Truffle Security offers an open-source tool: run trufflehog filesystem /path/to/your/code --only-verified to detect live, verified Gemini-accessible keys in your codebase.
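As an added example (not part of the original post, and not Truffle Security's tooling), the script below automates steps 2 and 3 of the checklist: it reads the JSON emitted by gcloud services api-keys list and gcloud services list --enabled, and flags every key that is unrestricted or explicitly scoped to the Generative Language API. The JSON field names (restrictions.apiTargets[].service, config.name) are the API Keys v2 and Service Usage resource shapes as I understand them, and the embedded sample keys are constructed, not real project output.

```python
"""Audit Google Cloud API keys for Gemini reach. Added example, not the post's tooling.
Assumes the JSON shapes of `gcloud services api-keys list --format=json` (API Keys v2:
restrictions.apiTargets[].service) and `gcloud services list --enabled --format=json`
(Service Usage: config.name). The sample data below is constructed."""
import json
import subprocess
import sys

GEMINI_SERVICE = "generativelanguage.googleapis.com"

# Constructed sample: a legacy unrestricted Maps key, a scoped Maps key, a Gemini-only key.
SAMPLE_KEYS_JSON = """[
  {"displayName": "maps-web-2019", "uid": "k-1", "restrictions": {}},
  {"displayName": "maps-web-restricted", "uid": "k-2", "restrictions": {
     "apiTargets": [{"service": "maps-backend.googleapis.com"}],
     "browserKeyRestrictions": {"allowedReferrers": ["https://example.com/*"]}}},
  {"displayName": "chatbot-backend", "uid": "k-3", "restrictions": {
     "apiTargets": [{"service": "generativelanguage.googleapis.com"}]}}
]"""

def load_sample_keys():
    return json.loads(SAMPLE_KEYS_JSON)

def gemini_enabled(enabled_services):
    """True if the Generative Language API is in the enabled-services list."""
    return any(s.get("config", {}).get("name") == GEMINI_SERVICE for s in enabled_services)

def audit_keys(keys, gemini_on):
    """Return (key name, finding) pairs for keys that reach Gemini now or would later."""
    findings = []
    for key in keys:
        name = key.get("displayName") or key.get("uid", "?")
        targets = {t.get("service") for t in (key.get("restrictions") or {}).get("apiTargets", [])}
        if not targets:  # "Don't restrict key": reaches every API enabled on the project
            when = "reaches Gemini NOW" if gemini_on else "will reach Gemini the moment it is enabled"
            findings.append((name, "unrestricted key; " + when))
        elif GEMINI_SERVICE in targets:
            findings.append((name, "scoped to Gemini; must only ever be used server-side"))
    return findings

def gcloud_json(*args):
    """Run a gcloud command with --format=json and parse it (needs gcloud and auth)."""
    proc = subprocess.run(["gcloud", *args, "--format=json"], check=True, capture_output=True, text=True)
    return json.loads(proc.stdout)

if __name__ == "__main__":  # `python audit.py PROJECT_ID` audits a live project; no arg runs the demo
    proj = sys.argv[1] if len(sys.argv) > 1 else None
    keys = gcloud_json("services", "api-keys", "list", "--project", proj) if proj else load_sample_keys()
    on = gemini_enabled(gcloud_json("services", "list", "--enabled", "--project", proj)) if proj else True
    for name, finding in audit_keys(keys, on):
        print(f"{name}: {finding}")
```

On the constructed sample with Gemini enabled, the unrestricted 2019 Maps key and the Gemini-scoped key are reported; the referrer-restricted, Maps-scoped key is not, which is the state step 4 asks you to reach for every key.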

Best practices for API key security

This incident highlights a broader pattern. As AI capabilities get bolted onto existing platforms, legacy credentials gain powers nobody anticipated. Here is how to stay ahead of it:

  • Principle of least privilege: Every API key should be restricted to the specific APIs it needs. Never leave a key unrestricted.
  • Separate keys for separate services: Do not reuse one key across Maps, Firebase, and Gemini. Create distinct keys with distinct scopes.
  • Never embed secrets in client-side code: If you must use an API key in browser-facing JavaScript, restrict it by HTTP referrer and API scope. Better yet, proxy requests through your server.
  • Audit quarterly: Set a calendar reminder to review your Google Cloud credentials every three months. APIs get enabled and forgotten. Keys get created and abandoned.
  • Monitor billing alerts: Set up Google Cloud budget alerts so you get notified before an $82,000 surprise hits your account.

If your business relies on Google Cloud services and you are not sure how your infrastructure is configured, this is exactly the kind of thing an AI infrastructure audit can catch before it becomes a problem.

The bigger picture

This is not the last time a platform update will silently expand the scope of existing credentials. The pattern will repeat as every major cloud provider races to integrate AI features into their existing products. Microsoft is doing it with Copilot across 365 apps. Amazon is doing it with Bedrock across AWS services.

For small businesses, the lesson is clear: the tools you adopted years ago are changing underneath you. A Google Maps key from 2019 is not the same thing it was when your developer created it. Regular security audits are no longer optional — they are a cost of doing business in the AI era.

If you are not sure where to start with securing your AI tools and cloud infrastructure, talk to our team. We help Appalachian businesses build on AI without leaving the front door open.
