Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement
Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement
28 February 2026
New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data.
The findings come from Truffle Security, which discovered nearly 3,000 Google API keys (identified by the prefix "AIza") embedded in client-side code to provide Google-related services like