The Gemini "Silent" Escalation: How 3,000 Google API Keys Became Instant Backdoors

For over ten years, Google’s developer documentation carried a consistent, reassuring message: “API keys for services like Google Maps or Firebase are not secrets; you can safely embed them in your client-side code.” That advice is now officially a liability.

Security researchers at Truffle Security have revealed a critical "privilege creep" flaw. When a developer enables the Generative Language API (Gemini) on a Google Cloud project, every existing API key in that project, including keys that have been sitting in public JavaScript for years, silently inherits the power to authenticate as a Gemini credential.

The "Retroactive Privilege" Trap

The issue isn't a bug in the traditional sense, but an architectural oversight in how Google Cloud handles retroactive permissions.

  • The Scenario: You created a Google Maps key in 2022 and embedded it in your website, exactly as Google instructed. Last week, a teammate enabled the Gemini API in that same GCP project to test a new AI prototype.
  • The Escalation: Without any warning, notification, or confirmation dialog, your public Maps key is now a Gemini secret.
  • The Payload: An attacker who scrapes that key can now access your uploaded AI training files, read cached prompt data, and—most significantly—rack up thousands of dollars in AI billing on your account.

The Scale: Thousands of Organizations Exposed

In a scan of the November 2025 Common Crawl dataset, Truffle Security found 2,863 live Google API keys that were publicly exposed and capable of authenticating to Gemini.

  • Who is affected? The list includes major financial institutions, global security firms, and even Google's own infrastructure.
  • The "Unrestricted" Default: By default, new Google Cloud API keys are "Unrestricted," meaning they work for every enabled API in a project. This legacy behavior has become a "skeleton key" for the AI era.

The Hacklido Takeaway

For the researchers and developers here at Hacklido, this is a masterclass in why static credentials are a ticking time bomb in evolving ecosystems.

  1. Check Your Projects: Go to your Google Cloud Console and navigate to APIs & Services > Enabled APIs. If the Generative Language API is on, you must audit your keys.
  2. Enforce Key Restrictions: Never leave a key as "Unrestricted." Manually limit each key to specific APIs (e.g., only the Maps SDK) and specific referrers.
  3. Rotation is Mandatory: If a key beginning with "AIza" has ever been in public view and Gemini is enabled in that project, rotate it immediately.
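As an added illustration of steps 1 and 2 (not code from the Truffle Security write-up or from Google), the Python audit below parses the JSON that `gcloud services list --enabled --format=json` and `gcloud services api-keys list --format=json` produce and flags every key that can reach Gemini once the Generative Language API is on. The sample JSON is constructed, and the field names (`config.name`, `uid`, `displayName`, `restrictions.apiTargets`, `*KeyRestrictions`) are assumed to follow the API Keys v2 `Key` resource.

```python
import json

GEMINI_SERVICE = "generativelanguage.googleapis.com"

# Constructed sample in the shape of `gcloud services list --enabled --format=json`
ENABLED_SERVICES_JSON = """[
  {"config": {"name": "maps-backend.googleapis.com"}},
  {"config": {"name": "generativelanguage.googleapis.com"}}
]"""

# Constructed sample in the shape of `gcloud services api-keys list --format=json`
API_KEYS_JSON = """[
  {"uid": "key-1", "displayName": "maps-web-2022", "restrictions": {}},
  {"uid": "key-2", "displayName": "maps-locked",
   "restrictions": {"apiTargets": [{"service": "maps-backend.googleapis.com"}],
                    "browserKeyRestrictions": {"allowedReferrers": ["https://example.com/*"]}}},
  {"uid": "key-3", "displayName": "ai-prototype",
   "restrictions": {"apiTargets": [{"service": "generativelanguage.googleapis.com"}]}}
]"""


def gemini_enabled(services_json):
    """True if the Generative Language API is among the project's enabled services."""
    return any(s.get("config", {}).get("name") == GEMINI_SERVICE
               for s in json.loads(services_json))


def audit_keys(keys_json, services_json):
    """Return (uid, displayName, reason) for every key that can authenticate to Gemini.

    A key with no apiTargets is "Unrestricted" and works for every enabled API,
    so it silently gains Gemini access the moment the service is turned on.
    """
    if not gemini_enabled(services_json):
        return []
    findings = []
    for key in json.loads(keys_json):
        restrictions = key.get("restrictions") or {}
        targets = [t.get("service") for t in restrictions.get("apiTargets", [])]
        if not targets:
            reason = "unrestricted key inherits Gemini access"
        elif GEMINI_SERVICE in targets:
            reason = "key explicitly permits Gemini"
        else:
            continue  # API-restricted to something other than Gemini: safe
        # A Gemini-capable key with no referrer/IP/app restriction is the worst case
        if not any(k.endswith("KeyRestrictions") for k in restrictions):
            reason += "; no application restriction"
        findings.append((key["uid"], key.get("displayName", ""), reason))
    return findings
```

Run it against the real `gcloud` output of a project and every row it returns is a key to restrict (step 2) or rotate (step 3).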

Google has begun implementing proactive measures to block leaked keys from accessing Gemini, but for thousands of legacy projects, the door remains ajar.