Google API Keys Weren't Secrets. But Then Gemini Changed the Rules
10 hours ago
- #Security Vulnerability
- #Gemini API
- #Google API
- Google API keys, previously considered non-secret, now grant access to sensitive Gemini API endpoints.
- The Gemini API silently enables existing public API keys to access private data, with no warning.
- 2,863 live Google API keys were found exposed, allowing unauthorized access to Gemini services.
- Attackers can exploit exposed keys to access private files, run up bills, and exhaust quotas.
- Google initially dismissed the issue but later acknowledged and began remediation efforts.
- Developers are advised to audit and rotate exposed API keys to mitigate risks.