
Dev stunned by $82K Gemini bill after unknown API key thief goes to town


Probably not an isolated incident only as researchers have already found 2,863 live API keys exposed

A developer says their company is on the hook for more than $82,000 in unauthorized charges after a stolen Google Gemini API key racked up massive usage costs in just 48 hours.

"I am in a state of shock and panic right now," the dev wrote on Reddit, and went on to detail how his startup's Google Cloud API key was somehow compromised between February 11 and February 12. During that time, unknown miscreants used the key to spend $82,314.44, primarily on Gemini 3 Pro Image and Gemini 3 Pro Text.

This is quite a cost jump, considering the three-developer, Mexico-based company usually spends $180 a month. This was about a 46,000 percent increase.

After deleting the compromised key, disabling the Gemini APIs, rotating credentials, and taking other security precautions, the developer says he opened a support case with Google and got nowhere.

A Google representative allegedly cited the company’s shared responsibility model – Google secures its platform and users must secure their own tools – and said the Chocolate Factory had to charge the developer for the unauthorized API costs.

This, the dev wrote, "really worries me. If Google attempts to enforce even a third of this amount, our company goes bankrupt. We are barely surviving and hoping one of our products work."

It looks like he may not be alone in his worries – or in experiencing API key compromise.

Thousands more where that came from

Truffle Security researchers scanned millions of websites and found 2,863 live Google API keys – originally used as project identifiers for billing purposes – that now also authenticate to Gemini, thus giving attackers access to sensitive data, and allowing them to rack up unauthorized charges on someone else's account.

"With a valid key, an attacker can access uploaded files, cached data, and charge LLM-usage to your account," Truffle researcher Joe Leon said in a February 25 blog post.

The Register contacted the Reddit poster, and we'll share more about their story if we hear back. Google declined to answer our questions about whether it will force the developer to pay the bill or eat the costs itself.

But in response to the Truffle blog, a Google spokesperson said the company is aware of this report and "worked with the researchers to address the issue."

"Protecting our users' data and infrastructure is our top priority," the spokesperson added. "We have already implemented proactive measures to detect and block leaked API keys that attempt to access the Gemini API."

The flaw stems from the format of Google Cloud's API keys, which start with the string AIza and are therefore easy to find.

Google's documentation for its Maps and Firebase services specifies that API keys are not secrets, but rather are used to identify a developer's app's Firebase project to Firebase services. In the case of Maps, Google instructs developers to paste their key directly into HTML.

This is because API keys weren't intended to be used as authentication credentials – until Gemini entered the picture. As Leon explained:

You created a Maps key three years ago and embedded it in your website's source code, exactly as Google instructed. Last month, a developer on your team enabled the Gemini API for an internal prototype. Your public Maps key is now a Gemini credential. Anyone who scrapes it can access your uploaded files, cached content, and rack up your AI bill. Nobody told you.

The Truffle researchers presented all of this to Google, including an example from a Google product's public-facing website with a key deployed as a public project identifier back in 2023. It now allows Gemini API access. This last part made Google take notice.

After Google's Vulnerability Disclosure Project team initially dismissed the report in November 2025, determining it was simply "intended behavior," Truffle pushed back, and on December 1 provided examples from Google's own infrastructure.

Google then reclassified the report from "Customer Issue" to "Bug," upgraded the severity, and started working on a fix, requesting a list of the 2,863 exposed keys.

As of February 2, Google told Truffle that it was still working on the root-cause fix. Leon notes that his team has not yet seen "a concrete outcome."

In the meantime, anyone who uses Google Cloud and its services can use Truffle Security's open source secrets scanning tool TruffleHog to scan code, CI/CD pipelines, and web assets for leaked Google API keys.
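The scan described above, as an added example that is not TruffleHog's code or the article's: a small scanner over constructed web assets that finds AIza-prefixed keys and flags the ones sitting in a Maps/Firebase-style public embedding, since those are exactly the keys that silently become Gemini credentials once the project enables the Gemini API. It assumes the common 39-character key format (`AIza` plus 35 characters of `[A-Za-z0-9_-]`); the sample files and keys are constructed.

```python
import re
from dataclasses import dataclass

# The article notes Google Cloud API keys start with "AIza"; the 35-character
# tail of [A-Za-z0-9_-] is an assumed format taken from public detector rules.
GOOGLE_API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_\-]{35}(?![0-9A-Za-z_\-])")

# Contexts in which Google's own docs tell developers to embed a key publicly.
PUBLIC_EMBED_HINTS = ("maps.googleapis.com", "firebase", "apikey")


@dataclass(frozen=True)
class Finding:
    key: str
    path: str
    line: int
    context: str
    public_embed: bool  # True when the key sits in a Maps/Firebase-style embedding


def scan_text(path: str, text: str) -> list[Finding]:
    """Return one Finding per AIza-style key occurrence in `text`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        lowered = line.lower()
        public = any(hint in lowered for hint in PUBLIC_EMBED_HINTS)
        for m in GOOGLE_API_KEY_RE.finditer(line):
            findings.append(Finding(m.group(0), path, lineno, line.strip(), public))
    return findings


def scan_assets(assets: dict[str, str]) -> list[Finding]:
    """Scan a mapping of path -> file contents (HTML, JS, config, ...)."""
    return [f for path, text in assets.items() for f in scan_text(path, text)]


def distinct_keys(findings: list[Finding]) -> list[str]:
    return sorted({f.key for f in findings})


# Constructed sample assets; the keys are filler, not real credentials.
KEY_MAPS = "AIza" + "M" * 31 + "0001"
KEY_FB = "AIza" + "F" * 31 + "0002"
SAMPLE_ASSETS = {
    "index.html": '<script src="https://maps.googleapis.com/maps/api/js?key='
                  + KEY_MAPS + '"></script>\n<p>AIzaTooShortToBeAKey</p>\n',
    "app.js": 'const firebaseConfig = {\n  apiKey: "' + KEY_FB + '",\n'
              '  projectId: "example-project",\n};\n',
}

if __name__ == "__main__":
    for f in scan_assets(SAMPLE_ASSETS):
        tag = "public embed, check Gemini enablement" if f.public_embed else "review"
        print(f"{f.path}:{f.line} {f.key[:8]}... [{tag}]")
```

Every hit, public embedding or not, is worth checking against the project's enabled APIs and the key's API restrictions, since the scanner cannot tell from the asset alone whether Gemini has since been turned on.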

"The pattern we uncovered here (public identifiers quietly gaining sensitive privileges) isn't unique to Google," Leon wrote. "As more organizations bolt AI capabilities onto existing platforms, the attack surface for legacy credentials expands in ways nobody anticipated." ®
