Hosted on MSN

Hackers are using leaked Google API keys to go wild with Gemini AI for free

Exposed Google API keys allow attackers to run unlimited Gemini AI requests Developers experience severe financial losses due to unauthorized access to AI infrastructure Hardcoded credentials elevate ...
Hosted on MSN

Experts find Google API keys are still usable, even after you delete them

Aikido researchers find Google API keys remain usable for up to 23 minutes after deletion Success rates varied across trials, with Gemini‑enabled projects especially vulnerable to stolen files and ...
Dark Reading

Google API Keys Remain Active After Deletion

Google API keys aren't completely inactive after users delete them, giving attackers a small but significant window to continue abusing them. Joe Leon, researcher at Belgian startup Aikido Security, ...
InfoWorld

‘Silent’ Google API key change exposed Gemini AI data

Google Cloud API keys, normally used as simple billing identifiers for APIs such as Maps or YouTube, could be scraped from websites to give access to private Gemini AI project data, researchers from ...