Googleが「公開してOK」と案内していたAPIキーがGeminiの認証キーにも ...

GoogleはFirebaseやGoogleマップなどのAPIキーを「公開しても安全なAPIキー」として案内しています。しかし、同じキーを用いて管理者のGeminiにアクセス可能なことがTruffle Securityの調査によって判明しました。
すまほん!!

Google公開OKのはずのAPIキー、Gemini認証兼用で情報漏洩

セキュリティ企業Truffle Securityが米国時間2026年2月25日付の記事で、Googleが長年「APIキーは秘密情報ではない」と案内してきたキーが、AI「Gemini」のAPIにも通ってしまう場合がある問題を公開しました。
Bitdefender

Leaked Google API keys can unlock Gemini API access and surprise bills

Exposed Google Cloud API keys in public JavaScript may now authenticate Gemini API calls, risking data exposure and runaway ...

A stolen Gemini API key turned a $180 bill into $82,000 in two days

One of the affected developers shared the incident on Reddit. According to the post, the Google Cloud API key was compromised between February 11 and February ...
Analytics Insight

Generative AI Rollout Exposes Hidden Risk in Google Cloud API Keys

A quiet change in how Google’s cloud services interact has opened an unexpected security gap, putting thousands of ...

Google's unprotected API keys a security and cost risk due to Gemini AI

Security researchers have found nearly 3000 publicly visible Google API keys authorizing Gemini. This allows abusive access.
CIO

‘Silent’ Google API key change exposed Gemini AI data

API key exploitation is more than hypothetical. In a different context, a student who reportedly exposed a GCP API key on GitHub last June was left nursing a $55,444 bill (later waived by Google) ...