Hackers Could Exploit Exposed Google API Keys to Access Gemini AI

Google is facing renewed security scrutiny after researchers revealed that publicly exposed API keys can be abused to access Gemini AI services.

The issue centers on Google API keys embedded in client-side code, which were historically treated as low-risk but may now grant unintended access to the Gemini (Generative Language) API.

Exposed API keys may open the door to Gemini misuse

According to a report by Truffle Security, security researchers discovered that publicly available Google API keys could authenticate requests to Gemini AI endpoints.

These keys often appear in JavaScript for services such as Google Maps embeds, YouTube integrations, analytics tracking, and Firebase features. In the past, developers frequently exposed them in frontend code because they were not considered sensitive credentials.

However, after Google introduced Gemini and developers enabled large language model (LLM) APIs in existing projects, those same keys gained expanded capabilities.

Researchers found that attackers could extract the keys directly from a website’s source code and use them to send requests to Gemini endpoints, including the /models API route. In some cases, this could allow access to private data exposed through the Generative Language API.

Thousands of live keys discovered online

A scan of the November 2025 Common Crawl dataset uncovered more than 2,800 live Google API keys exposed across public web pages.

The keys appeared on websites belonging to a wide range of organizations, including financial institutions, recruiting firms, security companies, and even some Google-owned properties.

In one documented case, a key embedded in a Google product’s public website had reportedly remained active since at least February 2023.

Security firm Truffle Security warned that malicious actors could use these exposed keys to make unauthorized Gemini API calls. Researchers estimate that such abuse could generate thousands of dollars in API charges per day on a single compromised account.

From low-risk embeds to AI authentication credentials

Before Gemini integration, Google Cloud API keys typically supported limited use cases and often required additional restrictions, such as HTTP referrer limits.

Developers commonly left these keys visible in frontend code, assuming they posed minimal risk.

With Gemini access enabled, the same keys could function as authentication credentials for AI-powered services, creating a new attack surface.

Google reportedly received disclosure of the issue on November 21, 2025. On January 13, 2026, the company classified the problem as a “single-service privilege escalation.”

Google rolls out mitigations

Google says it has implemented new safeguards to detect and block leaked API keys attempting to access Gemini services.

New AI Studio API keys will default to a Gemini-only scope and include additional protections. Google also plans to send proactive alerts when it detects exposed keys tied to Gemini usage.

Developers are advised to audit existing projects, verify whether the Gemini API is enabled, and rotate any publicly exposed API keys immediately.

Researchers recommend scanning codebases and repositories with tools such as TruffleHog to identify hardcoded credentials.

The disclosure comes as Google continues expanding its AI ecosystem, recently launching Nano Banana 2 and Lyria 3, further increasing the importance of securing API-based access to its generative services.

In related developments, reports indicate that threat actors have also leveraged Gemini to carry out cyberattacks.

Via Bleeping Computer