By: kaisec February 26, 2026

Author Credit: Truffle Security Co.

Google Cloud uses a single API key format (AIza...) for two fundamentally different purposes: public identification and sensitive authentication.

For years, Google has explicitly told developers that API keys are safe to embed in client-side code. Firebase's own security checklist once stated that API keys are not secrets. Google's Maps JavaScript documentation even instructed developers to paste their key directly into HTML. These keys were designed as project identifiers for billing, not as authentication credentials.

The Gemini Shift

Then Gemini arrived. When you enable the Gemini API (Generative Language API) on a Google Cloud project, existing API keys in that project (including the ones sitting in public JavaScript on your website) can silently gain access to sensitive Gemini endpoints. No warning. No confirmation dialog. No email notification.

Retroactive Privilege Expansion

If you created a Maps key years ago and embedded it in your website, and then someone on your team enabled Gemini for an internal prototype, your public Maps key is now a Gemini credential. Anyone who scrapes it can access your uploaded files, cached content, and rack up your AI bill.

What an Attacker Can Do

The attack is trivial. An attacker visits your website, copies your AIza... key, and can potentially run commands like:

curl "https://generativelanguage.googleapis.com/v1beta/files?key=$API_KEY"

Instead of a 403 Forbidden, they may get a 200 OK, allowing them to:

  • Access private data in /files/ and /cachedContents/.
  • Run up your bill with expensive Gemini API calls.
  • Exhaust your quotas, shutting down legitimate services.

The Scale of the Problem

Truffle Security scanned the November 2025 Common Crawl dataset and identified 2,863 live Google API keys vulnerable to this privilege-escalation vector. Victims included major financial institutions, security companies, and even Google itself.

Proof of Concept: Google's Own Keys

Concrete examples were found even on Google's own infrastructure. A key deployed since February 2023 for a benign purpose had silently gained full access to the sensitive Gemini API without any developer intervention.

What You Should Do Right Now

  1. Check for Generative Language API: Go to the GCP console and see if it's enabled in any of your projects.
  2. Audit your API Keys: Look for unrestricted keys or those listing the Generative Language API in allowed services.
  3. Verify Public Exposure: Ensure none of these keys are embedded in client-side JavaScript or public repositories.

If you find an exposed key with Gemini access, rotate it immediately.
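The three checks above can be scripted against the JSON that gcloud prints. The following is an added example written for this summary, not tooling from Truffle Security or from Google: it takes the output of `gcloud services list --enabled --format=json` and `gcloud services api-keys list --format=json` for one project, and flags every key that can reach the Generative Language API, ranking browser-restricted keys (the ones most likely pasted into web pages) highest. The field names follow the API Keys v2 Key resource as the author understands it (restrictions.apiTargets[].service, restrictions.browserKeyRestrictions), and the sample project data is constructed for the example.

```python
"""Audit one GCP project's API keys for unintended Gemini reach.

Added example, not Truffle Security's or Google's code. Field names follow
the API Keys v2 Key resource (assumption); sample data below is constructed.
"""
import json

GEMINI_SERVICE = "generativelanguage.googleapis.com"

# Constructed stand-in for: gcloud services list --enabled --format=json
ENABLED_SERVICES_JSON = """
[
  {"config": {"name": "maps-backend.googleapis.com"}},
  {"config": {"name": "generativelanguage.googleapis.com"}}
]
"""

# Constructed stand-in for: gcloud services api-keys list --format=json
API_KEYS_JSON = """
[
  {
    "displayName": "maps-web-2023",
    "name": "projects/123456/locations/global/keys/aaaa",
    "restrictions": {
      "browserKeyRestrictions": {"allowedReferrers": ["https://www.example.com/*"]}
    }
  },
  {
    "displayName": "maps-only",
    "name": "projects/123456/locations/global/keys/bbbb",
    "restrictions": {"apiTargets": [{"service": "maps-backend.googleapis.com"}]}
  },
  {
    "displayName": "gemini-prototype",
    "name": "projects/123456/locations/global/keys/cccc",
    "restrictions": {"apiTargets": [{"service": "generativelanguage.googleapis.com"}]}
  }
]
"""


def load_samples():
    """Parse the constructed gcloud output into Python objects."""
    return json.loads(ENABLED_SERVICES_JSON), json.loads(API_KEYS_JSON)


def gemini_enabled(enabled_services):
    """Step 1: is the Generative Language API enabled in this project?"""
    return any(s.get("config", {}).get("name") == GEMINI_SERVICE
               for s in enabled_services)


def key_allows_gemini(key):
    """Step 2: a key with no apiTargets is unrestricted and reaches every
    enabled API; otherwise Gemini must be listed explicitly."""
    targets = key.get("restrictions", {}).get("apiTargets") or []
    if not targets:
        return True
    return any(t.get("service") == GEMINI_SERVICE for t in targets)


def likely_client_side(key):
    """Step 3 heuristic: HTTP-referrer restrictions are the usual sign that
    the key is embedded in web pages, i.e. already public."""
    return "browserKeyRestrictions" in key.get("restrictions", {})


def audit(enabled_services, keys):
    """Map each key's displayName to OK, REVIEW (can call Gemini) or
    HIGH (can call Gemini and is a browser key: rotate it)."""
    if not gemini_enabled(enabled_services):
        # Nothing in the project can be escalated into Gemini access.
        return {k["displayName"]: "OK" for k in keys}
    result = {}
    for k in keys:
        if not key_allows_gemini(k):
            result[k["displayName"]] = "OK"
        elif likely_client_side(k):
            result[k["displayName"]] = "HIGH"
        else:
            result[k["displayName"]] = "REVIEW"
    return result


if __name__ == "__main__":
    enabled, keys = load_samples()
    for name, risk in audit(enabled, keys).items():
        print(f"{risk:6} {name}")
```

With the constructed data, maps-web-2023 is reported HIGH: it was created for Maps, carries only a referrer restriction, and so silently became a Gemini credential once the API was enabled. Adding an apiTargets restriction that names only the intended service (as maps-only does) is what keeps a key out of the REVIEW and HIGH buckets. To run this against a real project, replace the two constants with the actual gcloud output.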

This post summarizes research conducted by Truffle Security Co. For the full technical breakdown, visit their original blog.