Google Cloud Keys Enable Unauthorized Gemini Access

Truffle Security found nearly 2,863 Google Cloud API keys publicly exposed, which can access Gemini endpoints after projects enable the Generative Language API. Researchers say exposed website keys and Quokka's scan of 250,000 Android apps (35,000 unique keys) can be abused to read files, leak cached content, and generate billable Gemini requests; Google implemented detection and blocking mitigations.