Google API Keys Expose Gemini AI Endpoints in Legacy Security Flaw Security researchers at Truffle Security uncovered a critical vulnerability in Google’s API key architecture, where legacy public-facing keys originally designed for low-risk services like Google Maps can silently gain unauthorized access to Gemini AI endpoints. This flaw allows attackers to exploit exposed keys, accessing private files, cached data, and triggering costly AI queries without detection. The issue stems from insecure defaults in Google Cloud Platform (GCP). When developers enable the Generative Language API on an existing project, previously public API keys once considered safe for client-side use are automatically upgraded into sensitive credentials with unrestricted access. Since Google uses a single key format for both public identification and authentication, there is no separation between low-risk and high-risk environments. Exploitation is straightforward: attackers can scrape exposed keys from public code repositories and use them to query Gemini, potentially stealing data or incurring thousands in billable AI usage. The flaw affects thousands of websites, as many developers followed Google’s past guidance to embed API keys directly in client-side code. Google is mitigating the issue by defaulting new keys in AI Studio to Gemini-only access and blocking known leaked credentials. However, organizations must audit projects for unrestricted keys and rotate exposed credentials to prevent exploitation. The incident underscores the risks of retrofitting modern AI capabilities onto outdated cloud security models.

After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains. Luke Marshall used the TruffleHog open-source tool to check the code in the repositories for sensitive credentials like API keys, passwords, and tokens. The researcher previously scanned Bitbucket, where he found 6,212 secrets spread over 2.6 million repositories. He also checked the Common Crawl dataset that is used to train AI models, which exposed 12,000 valid secrets. GitLab is a web-based Git platform used by software developers, maintainers, and DevOps teams to host code, for CI/CD operations, development collaboration, and repository management. Marshall used a GitLab public API endpoint to enumerate every public GitLab Cloud repository, using a custom Python script to paginate through all results and sort them by project ID. This process returned 5.6 million non-duplicate repositories, and their names were sent to an AWS Simple Queue Service (SQS). Next, an AWS Lambda function pulled the repository name from SQS, ran TruffleHog against it, and logged the results. “Each Lambda invocation executed a simple TruffleHog scan command with concurrency set to 1000,” describes Marshall. “This setup allowed me to complete the scan of 5,600,000 repositories in just over 24 hours.” The total cost for the entire public GitLab Cloud repositories using the above method was $770. The researcher found 17,430 ver