Security researchers have discovered that thousands of Google API keys publicly exposed in website code could be abused to access the Gemini AI assistant and potentially retrieve private data.
The issue began after Google introduced its Gemini assistant and allowed developers to enable the large language model API in their projects. Before Gemini, Google Cloud API keys were generally not treated as sensitive: developers routinely embed them directly in client-side JavaScript for services like Google Maps, YouTube embeds, usage tracking, or Firebase, where the key is visible to anyone who views the page source.
However, once Gemini was enabled on a project, those same API keys also served as authentication credentials for Google's AI services.
Researchers at Truffle Security found that attackers could copy exposed API keys from a website’s page source and use them to interact with the Gemini API. This could allow access to private data connected to the project. Since Gemini API usage is paid, attackers could also abuse the keys to generate large bills for victims.
According to Truffle Security, depending on the model and context window used, a threat actor could rack up thousands of dollars per day in API charges on a single compromised account.
To understand the scale of the problem, the researchers scanned the November 2025 Common Crawl dataset, which includes a broad snapshot of popular websites. They found more than 2,800 live Google API keys publicly exposed in JavaScript code. Some of the keys belonged to major financial institutions, security firms, recruiting companies, and even Google itself.
In one case, an API key embedded in a public-facing Google product website had been exposed since at least February 2023. The researchers tested it by calling the Gemini API models endpoint and successfully listing available models.
Truffle Security reported the issue to Google on November 21, 2025. After several exchanges, Google classified the problem as a single service privilege escalation on January 13, 2026.
In a statement, Google said it worked with the researchers to address the issue. The company has implemented measures to detect and block leaked API keys that attempt to access the Gemini API. It also said that new AI Studio keys will default to a Gemini-only scope, that leaked keys will be blocked from accessing Gemini, and that developers will receive proactive notifications if exposed keys are detected.
Google is advising developers to review whether the Gemini or Generative Language API is enabled in their projects. They should audit all API keys, check whether any are publicly exposed, and rotate them immediately. Keys that must remain in client-side code should carry API restrictions limiting them to the services the page actually needs (for example Maps) and HTTP referrer restrictions, so that a copied key cannot be replayed against Gemini from elsewhere. Researchers also recommend using open source tools like TruffleHog to scan codebases and repositories for live, exposed keys.
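The check the researchers describe above (pull candidate keys out of page source, then call the Gemini models endpoint) is short enough to reproduce. The script below is an added example written for this page, not Truffle Security's or Google's code. It assumes the standard Google API key shape (`AIza` plus 35 URL-safe characters) and the real `generativelanguage.googleapis.com/v1beta/models` endpoint; the sample JavaScript, the two keys in it, and the fake HTTP responses are constructed so the demo runs offline.

```python
"""Added example: find Google API keys in web assets and test whether each one can
reach the Gemini API. Not code from Truffle Security or Google; the sample
JavaScript, both keys and the fake responses are constructed for offline use."""
import json
import re
import urllib.error
import urllib.request

# Google Cloud API keys are 39 characters: "AIza" followed by 35 URL-safe characters.
# The lookahead stops a longer URL-safe token from being mistaken for a key.
GOOGLE_API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_\-]{35}(?![0-9A-Za-z_\-])")

# Real endpoint: listing models is the cheapest call that proves a key is Gemini-enabled.
GEMINI_MODELS_URL = "https://generativelanguage.googleapis.com/v1beta/models"

# Constructed, non-working keys with the right shape (4 + 35 characters each).
KEY_A = "AIzaSyA0123456789abcdefghijklmnopqrstuv"
KEY_B = "AIzaSyB-_" + "Z" * 30           # exercises the '-' and '_' characters

# Constructed sample of the client-side JavaScript a crawler would pick up.
SAMPLE_JS = f"""
const mapsKey = "{KEY_A}";
firebase.initializeApp({{ apiKey: '{KEY_B}' }});
var notAKey = "AIza-too-short";
const again = "{KEY_A}";   // same key referenced twice
"""


def extract_keys(text):
    """Unique candidate keys in order of first appearance."""
    keys = []
    for match in GOOGLE_API_KEY_RE.finditer(text):
        if match.group(0) not in keys:
            keys.append(match.group(0))
    return keys


def redact(key):
    """Log-safe form: enough to recognise the key, not enough to use it."""
    return key[:8] + "..." + key[-4:]


def check_gemini_access(key, opener=urllib.request.urlopen, timeout=10):
    """Call the Gemini models endpoint with `key`.

    `opener` defaults to the real network call and is injectable for offline tests.
    The key travels in the x-goog-api-key header (the API also accepts ?key=) so it
    does not land in the URL logs of any proxy between you and Google.
    """
    req = urllib.request.Request(GEMINI_MODELS_URL, headers={"x-goog-api-key": key})
    try:
        with opener(req, timeout=timeout) as resp:
            body = json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        # Any 4xx means the key does not currently reach Gemini (typically 403 when the
        # Generative Language API is off or the key is restricted, 400 when it is invalid).
        return {"key": redact(key), "gemini_enabled": False, "status": err.code, "models": []}
    models = [m.get("name", "") for m in body.get("models", [])]
    return {"key": redact(key), "gemini_enabled": True, "status": 200, "models": models}


def audit(text, opener=urllib.request.urlopen):
    """Extract every key from `text` and report which ones are Gemini-enabled."""
    return [check_gemini_access(k, opener=opener) for k in extract_keys(text)]


class _FakeResponse:
    """Minimal stand-in for the object urlopen returns (constructed, offline only)."""
    def __init__(self, payload):
        self._body = json.dumps(payload).encode("utf-8")
    def read(self):
        return self._body
    def __enter__(self):
        return self
    def __exit__(self, *exc):
        return False


def fake_opener(enabled_keys):
    """Opener that answers 200 with a model list for `enabled_keys`, 403 for the rest."""
    def _open(req, timeout=10):
        # urllib stores header names capitalize()d, hence "X-goog-api-key".
        key = req.get_header("X-goog-api-key")
        if key in enabled_keys:
            return _FakeResponse({"models": [{"name": "models/gemini-example"}]})
        raise urllib.error.HTTPError(req.full_url, 403, "Forbidden", {}, None)
    return _open


if __name__ == "__main__":
    # Offline demo: pretend only KEY_B belongs to a project with Gemini enabled.
    for result in audit(SAMPLE_JS, opener=fake_opener({KEY_B})):
        print(result)
    # Live use sends the keys to Google; run it only against projects you are
    # authorised to test:  audit(open("bundle.js").read())
```

On the project side the same audit is `gcloud services list --enabled` (look for `generativelanguage.googleapis.com`) and `gcloud services api-keys list`; any key that shows up in page source and also reaches the models endpoint is the one to rotate first, since it is both exposed and billable.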