Previously harmless Google API keys now expose Gemini AI data


Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data.

Researchers found nearly 3,000 such keys while scanning internet pages from organizations in various sectors, and even from Google.

The problem arose when Google introduced its Gemini assistant and developers began enabling the LLM API in their projects. Before this, Google Cloud API keys were not considered sensitive data and could be exposed online without risk.


Developers can use API keys to extend functionality in a project, such as loading Maps on a website to share a location, for YouTube embeds, usage tracking, or Firebase services.

When Gemini was introduced, Google Cloud API keys also acted as authentication credentials for Google’s AI assistant.

Researchers at TruffleSecurity discovered the issue and warned that attackers could copy the API key from a website’s page source and access private data available through the Gemini API service.

Since using the Gemini API is not free, an attacker could leverage the access and make API calls for their benefit.

“Depending on the model and context window, a threat actor maxing out API calls could generate thousands of dollars in charges per day on a single victim account,” Truffle Security says.

The researchers warn that these API keys have been sitting exposed in public JavaScript code for years, and now they have suddenly gained more dangerous privileges without anyone noticing.

Source: TruffleSecurity

TruffleSecurity scanned the November 2025 Common Crawl dataset, a representative snapshot of a large swath of the most popular sites, and found more than 2,800 live Google API keys publicly exposed in their code.

According to the researchers, some of the keys were used by major financial institutions, security companies, and recruiting firms. They reported the problem to Google, providing samples from its infrastructure.

In one case, an API key that served only as an identifier had been deployed since at least February 2023 and was embedded in the page source of a Google product’s public-facing website.

Google’s exposed key
Source: TruffleSecurity

Truffle Security tested the key by calling the Gemini API’s /models endpoint and listing available models.

The researchers informed Google of the problem on November 21 last year. After a long exchange, Google classified the flaw as “single-service privilege escalation” on January 13, 2026.

In a statement for BleepingComputer, Google says that it is aware of the report and has “worked with the researchers to address the issue.”

“We have already implemented proactive measures to detect and block leaked API keys that attempt to access the Gemini API,” a Google spokesperson told BleepingComputer.

Google stated that new AI Studio keys will default to Gemini-only scope, leaked API keys will be blocked from accessing Gemini, and proactive notifications will be sent when leaks are detected.

Developers should check whether Gemini (the Generative Language API) is enabled on their projects, audit all API keys in their environment to determine whether any are publicly exposed, and rotate any that are immediately.

The researchers also suggest using the TruffleHog open-source tool to detect live, exposed keys in code and repositories.
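To make that audit concrete, here is an added Python example (not TruffleSecurity's or Google's code): it pulls key-shaped strings out of saved page source and, for keys you own, performs the same read-only /models call the researchers used to learn whether a key reaches the Gemini API. The key pattern, the endpoint URL and the error-status mapping are my assumptions about the API, and the sample page is constructed.

```python
import json
import re
import urllib.error
import urllib.request

# Google Cloud API keys share a recognisable shape: "AIza" followed by 35
# URL-safe characters. Assumed heuristic (used by secret scanners), not Google's spec.
GOOGLE_API_KEY_RE = re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b")

# Listing models is the read-only call the researchers used; assumed endpoint.
GEMINI_MODELS_URL = "https://generativelanguage.googleapis.com/v1beta/models"

# Constructed sample: a Maps embed whose key is sitting in client-side source.
EXAMPLE_KEY = "AIzaSyEXAMPLE" + "0" * 26
SAMPLE_PAGE = (
    '<script src="https://maps.googleapis.com/maps/api/js?key=' + EXAMPLE_KEY + '">'
    "</script><script>const k = '" + EXAMPLE_KEY + "';</script>"
)


def extract_google_api_keys(source):
    """Return the distinct key-shaped strings found in page source or JS, in order."""
    return list(dict.fromkeys(GOOGLE_API_KEY_RE.findall(source)))


def classify_models_response(status, body):
    """Map the HTTP result of a /models call to an audit verdict (mapping is assumed)."""
    if status == 200:
        return "GEMINI_REACHABLE"  # key authenticates to Gemini: restrict or rotate it
    try:
        reason = json.loads(body).get("error", {}).get("status", "")
    except ValueError:
        reason = ""
    if status == 400 and reason == "INVALID_ARGUMENT":
        return "INVALID_KEY"
    if status == 403:
        return "GEMINI_NOT_ENABLED_OR_RESTRICTED"
    return "UNEXPECTED_%d" % status


def check_gemini_access(key, opener=urllib.request.urlopen):
    """Call /models with a key you own; `opener` is injectable so the check runs offline in tests."""
    req = urllib.request.Request(GEMINI_MODELS_URL, headers={"x-goog-api-key": key})
    try:
        with opener(req, timeout=10) as resp:
            return classify_models_response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:
        return classify_models_response(err.code, err.read().decode())
```

Run the extractor over your own deployed bundles and page sources; any key that comes back GEMINI_REACHABLE should be restricted to the APIs it actually needs and rotated.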



