Banks – and Google – Open to Gemini-Powered Exfil via Public API Keys, Researchers Say

February 26, 2026
The Stack (TheStack.technology)

Why It Matters

The exploit gives attackers silent access to uploaded documents and AI billing, posing severe data leakage and cost risks for financial institutions and other enterprises. It also underscores the broader danger of treating API keys as public identifiers in an era of powerful AI APIs.

Key Takeaways

  • Public Google API keys can become Gemini credentials
  • 2,863 exposed keys found, including major banks
  • Gemini enables file listing and content description via key
  • Google blocks leaked keys, but detection remains limited
  • Tier‑1 vulnerability re‑classified after initial intended‑behavior label

Pulse Analysis

Google’s long‑standing guidance encouraged developers to embed API keys in public‑facing code for services like Maps, treating them as simple identifiers rather than secrets. That model made sense when the keys granted only limited, read‑only functionality. However, the launch of Gemini, Google’s generative AI platform, introduced a new privilege level: the same key can now request document uploads, retrieve content summaries, and execute costly AI queries. When an organization unintentionally enables Gemini on an existing key, the key’s public exposure becomes a high‑value credential, effectively turning a benign identifier into a password.

The practical impact is stark. Truffle Security’s November sweep uncovered 2,863 publicly visible keys that were already active on Gemini, spanning major banks, security vendors, and Google’s own services. An attacker scraping a website could harvest a key, list the organization’s uploaded files, extract sensitive data, or generate expensive AI workloads that inflate cloud bills. For financial institutions, the risk extends beyond data loss to regulatory penalties and reputational damage. The incident also illustrates how AI services can amplify traditional API‑key misconfigurations, turning a simple oversight into a tier‑1 security breach.

Google’s response includes blocking known leaked keys and monitoring anomalous billing patterns, but the episode highlights a need for industry‑wide reassessment of API‑key hygiene. Organizations should treat all keys as secrets, enforce strict usage restrictions, rotate keys regularly, and employ automated scanning for unintended Gemini activation. Cloud providers must provide clearer controls and default‑deny settings for AI‑related endpoints. As AI APIs become ubiquitous, the line between public identifiers and privileged credentials blurs, making proactive security governance essential for protecting data and controlling costs.
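The audit the last paragraph calls for can be reduced to one question per key: is this key of the kind that legitimately lives in public client code (referrer-restricted or unrestricted, like a Maps key), and can it also reach Gemini? The following is an added example, not code from the article or from Truffle Security; it assumes key metadata in the shape of the Google Cloud API Keys v2 `keys.list` response and that the Gemini API's service name in API restrictions is `generativelanguage.googleapis.com`. The sample records are constructed.

```python
import json

# Assumption: the Gemini API appears under this service name in API-key restrictions.
GEMINI_SERVICE = "generativelanguage.googleapis.com"

def key_is_publicly_embedded(key):
    """A key with only a browser (HTTP referrer) restriction, or with no client
    restriction at all, is one that may legitimately be shipped in public web
    code, like the Maps keys the article describes."""
    restrictions = key.get("restrictions", {})
    server_side_kinds = ("serverKeyRestrictions", "androidKeyRestrictions", "iosKeyRestrictions")
    return not any(kind in restrictions for kind in server_side_kinds)

def key_reaches_gemini(key):
    """With no apiTargets the key can call every API enabled in the project, so it
    reaches Gemini the moment the project enables Gemini; otherwise check the list."""
    targets = key.get("restrictions", {}).get("apiTargets", [])
    if not targets:
        return True
    return any(t.get("service") == GEMINI_SERVICE for t in targets)

def audit_keys(keys):
    """Return the names of keys that are both embeddable in public code and able
    to call Gemini: the combination that turns an identifier into a credential."""
    return [k["name"] for k in keys
            if key_is_publicly_embedded(k) and key_reaches_gemini(k)]

# Constructed sample, modelled on the API Keys v2 keys.list response shape.
SAMPLE_KEYS = json.loads("""
{"keys": [
  {"name": "projects/demo/locations/global/keys/maps-web",
   "restrictions": {"browserKeyRestrictions": {"allowedReferrers": ["https://example.test/*"]},
                    "apiTargets": [{"service": "maps-backend.googleapis.com"}]}},
  {"name": "projects/demo/locations/global/keys/legacy-web",
   "restrictions": {"browserKeyRestrictions": {"allowedReferrers": ["*"]}}},
  {"name": "projects/demo/locations/global/keys/gemini-backend",
   "restrictions": {"serverKeyRestrictions": {"allowedIps": ["203.0.113.10"]},
                    "apiTargets": [{"service": "generativelanguage.googleapis.com"}]}},
  {"name": "projects/demo/locations/global/keys/unrestricted"}
]}
""")["keys"]

if __name__ == "__main__":
    for name in audit_keys(SAMPLE_KEYS):
        print("restrict to the APIs it needs, or rotate:", name)
```

Only `legacy-web` (referrer-restricted but no API restriction) and `unrestricted` are flagged; the Maps key pinned to `maps-backend.googleapis.com` and the server-side Gemini key pass.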

Read the original article: Banks – and Google – open to Gemini-powered exfil via public API keys, researchers say (The Stack)