Security Researchers Uncover Thousands of Exposed Google Cloud API Keys Granting Unauthorized Access to Gemini AI

Thousands of Google Cloud API keys found public, allowing unauthorized use of Gemini AI models due to misconfigured service enablement and poor key hygiene.

By: AXL Media

Published: Feb 28, 2026, 5:03 AM EST

Source: The information in this article was sourced from The Hacker News

The Discovery of Widespread API Vulnerabilities

A major security investigation has revealed that thousands of Google Cloud Platform API keys have been inadvertently leaked across public repositories, granting attackers direct access to premium Gemini AI models. Security researchers discovered that while many of these keys were initially restricted, a recent shift in how Google manages API enablement has left them vulnerable to exploitation. The exposure allows unauthorized actors to utilize the compute power and data processing capabilities of Gemini, potentially leading to massive financial losses for the affected organizations. According to the research report, the leak spans multiple industries, with keys found in public code repositories, misconfigured cloud storage buckets, and improperly secured web applications.

Navigating the Regulatory and Security Compliance Landscape

The incident highlights a critical gap in the regulatory and technical oversight of cloud-based artificial intelligence integration. As organizations rush to implement generative AI, the traditional security frameworks for API management are often bypassed or misunderstood by development teams. According to cybersecurity experts, the competitive landscape for AI dominance has led to a "speed over security" culture, where the primary focus is on feature deployment rather than robust credential rotation. This exposure puts companies at risk of violating strict data protection mandates, such as GDPR and CCPA, as unauthorized access to AI models could potentially lead to the exfiltration of sensitive training data or proprietary company prompts.

Strategic Rationale and the Mechanics of Exploitation

The strategic rationale behind this specific wave of attacks is the high value of AI compute tokens, which have become a form of digital currency for malicious actors. By hijacking an exposed API key with Gemini access, attackers can run complex large language model queries at the expense of the victim, effectively using the stolen credentials for "AI-jacking." Researchers noted that the exploitation process is highly automated, with bots scanning platforms like GitHub for specific Google Cloud key strings. Once a key is identified as active, it is immediately tested against various AI endpoints to determine the level of access, allowing the attacker to scale their operations across thousa...