Misused Gemini API key results in sky-high AI costs for startup
Briefly

"The company's developer described on Reddit how his startup's Google Cloud API key was allegedly misused between February 11 and 12. During that period, $82,314 worth of AI requests were made using the key. According to him, most of those costs were incurred through the use of Gemini 3 Pro Image and Gemini 3 Pro Text."
"For the company, this represents a huge deviation from its usual consumption. The startup, which consists of three developers in Mexico, normally spends about $180 per month on Google services. The unexpected costs, therefore, represent an increase of about 46,000 percent."
"Security researchers at Truffle Security have indicated that the problem may be more widespread. They found thousands of Google API keys that are publicly accessible on the internet. In total, they identified 2,863 active keys that can also be used to send requests to the Gemini API."
A three-person startup in Mexico experienced a massive unexpected charge of $82,314 after their Google Cloud API key was stolen and misused between February 11 and 12. The unauthorized requests primarily used the Gemini 3 Pro Image and Gemini 3 Pro Text services, a 46,000 percent increase over the company's normal $180 monthly spending. After discovering the breach, the team immediately revoked the key, disabled the Gemini API, and replaced access credentials. Google's response invoked shared responsibility principles, placing responsibility for key protection on customers. Security researchers at Truffle Security discovered thousands of publicly exposed Google API keys online, with 2,863 active keys capable of accessing the Gemini API, many originally used for Google Maps or Firebase services.
Read at Techzine Global