Overview
New security research from Truffle Security found nearly 3,000 Google Cloud API keys with the prefix AIza embedded in client side code and public repositories. After developers enabled the Gemini for Google Cloud API, these public keys functioned as live access tokens for Gemini endpoints and could be abused to access private data or consume billable AI resources. The root cause is insecure defaults and insufficient key scoping, which left many projects unintentionally exposed.
What happened
Developers enabled the LLM API for projects that previously had no AI features. Google Cloud API keys created for common services such as Maps or Cloud Run were later accepted by Gemini endpoints when the API was enabled. Because many keys were hardcoded in front end code or committed to source control, they became public and usable by anyone who found them. Truffle Security reported thousands of these live tokens on the public internet and warned that the default configuration often left keys overly permissive.
Why this is a major problem
- Unauthorized model access: Attackers can call Gemini models and retrieve or manipulate sensitive outputs tied to a project.
- Data exposure: API calls to the LLM or dataset endpoints can expose private data or query sensitive resources.
- Unexpected bills: AI models are often billed per query or per compute. Exposed keys can result in large unauthorized charges.
- Persistence risks: Hardcoded keys can remain accessible in Git history or cached deployments even after deletion.
How to detect exposed keys and suspicious usage
Proactive detection can limit damage. Use these steps to find leaked keys and unusual activity:
- Scan public repositories and client code for the prefix AIza and other API key patterns.
- Search code hosting platforms and package registries for commits that include credentials.
- Inspect Cloud Logging and Cloud Audit Logs for unexpected API calls to cloudaicompanion.googleapis.com or other Gemini endpoints.
- Monitor billing dashboards and set alerts for unusual spikes in AI model usage.
- Use secret scanning tools like git-secrets, Truffle Security scanners, or private repository scanners to detect leaks early.
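As an added example, not code from the article or from Truffle Security's own tooling, the following Python covers the two detection steps above: it scans a text blob for AIza-prefixed keys and filters audit log lines for calls to cloudaicompanion.googleapis.com. The 35-character key tail and the protoPayload.serviceName field are assumptions, and all sample input is constructed.

```python
import json
import re

# Google Cloud API keys begin with "AIza". The 35-character tail and allowed
# character set are assumptions taken from the commonly published key format.
API_KEY_RE = re.compile(r"(?<![0-9A-Za-z_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])")

# Gemini endpoint named in the article; extend the set for other AI services.
GEMINI_SERVICES = frozenset({"cloudaicompanion.googleapis.com"})

def redact(key: str) -> str:
    """Keep a prefix and suffix for triage so the finding does not re-leak the key."""
    return key[:8] + "..." + key[-4:]

def find_api_keys(source: str) -> list[tuple[int, str]]:
    """Return (line_number, redacted_key) for every AIza-prefixed key in a text blob."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for match in API_KEY_RE.finditer(line):
            hits.append((line_no, redact(match.group(0))))
    return hits

def suspicious_log_entries(log_lines, services=GEMINI_SERVICES) -> list[tuple[str, str]]:
    """Flag JSON audit log entries whose protoPayload.serviceName is a Gemini endpoint."""
    flagged = []
    for raw in log_lines:
        entry = json.loads(raw)
        payload = entry.get("protoPayload", {})
        if payload.get("serviceName") in services:
            flagged.append((entry.get("timestamp"), payload.get("methodName")))
    return flagged

# Constructed sample input: a front end snippet with an embedded (fake) key.
SAMPLE_SOURCE = """\
// constructed sample, not real client code
const mapsKey = "AIzaSyA1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6Q";
fetch("https://example.invalid/geocode?key=" + mapsKey);
"""

# Constructed sample audit log lines; method names are placeholders.
SAMPLE_LOGS = [
    '{"timestamp": "2024-01-01T10:00:00Z", "protoPayload": {"serviceName": "example-other.googleapis.com", "methodName": "constructed.OtherCall"}}',
    '{"timestamp": "2024-01-01T10:05:00Z", "protoPayload": {"serviceName": "cloudaicompanion.googleapis.com", "methodName": "constructed.GeminiCall"}}',
]

if __name__ == "__main__":
    print(find_api_keys(SAMPLE_SOURCE))
    print(suspicious_log_entries(SAMPLE_LOGS))
```

Run the scanner over checked-out source and the log filter over exported Cloud Audit Log JSON; any hit from the first is a key to rotate, and any hit from the second on a project that should not be calling Gemini is worth investigating.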
Immediate remediation steps
- Revoke and rotate any API keys identified as exposed. Assume compromise and rotate credentials immediately.
- Restrict keys by API restrictions, HTTP referrers, or IP address ranges. Do not leave keys unrestricted.
- Enforce least privilege by assigning minimal IAM roles and scoping down the services a key can access.
- Scrub the leaked keys from repository history using git filter-repo or BFG Repo Cleaner, and notify downstream users to pull the cleaned history.
- Enable alerts and quotas to limit financial exposure and detect suspicious usage quickly.
Long term hardening and best practices
Addressing defaults and developer practices reduces recurrence. Recommended controls include:
- Move secrets to Secret Manager and never commit credentials to source control.
- Use short lived credentials and Workload Identity Federation where possible to avoid long lived keys.
- Operate server side for any calls to AI models and do not embed credentials in client code.
- Enable VPC Service Controls or Identity Aware Proxy for additional access boundaries.
- Audit permissions regularly and use least privilege IAM roles, including explicit restrictions on dataset access with setIamPolicy where applicable.
- Automate scanning in CI using secret detection and enforce precommit hooks to block accidental leaks.
Developer guidance
Training and secure defaults matter. Encourage these behaviors across engineering teams:
- Do not hardcode API keys or paste them into public configs.
- Review and restrict any newly enabled Google APIs immediately.
- Adopt secure IaC patterns and test for exposed credentials during code review.
- Document approval processes for enabling AI APIs and require explicit scoping for any AI billing features.
Conclusion
The Truffle Security findings show how insecure defaults and common developer practices can turn ordinary Google Cloud API keys into powerful and dangerous access tokens for Gemini. Quick detection, immediate rotation, and longer term architectural changes will reduce risk. By combining automated secret scanning, strict API restrictions, server side usage, and least privilege identity controls, organizations can protect data, prevent runaway costs, and limit attack surface for modern AI integrations.