Google’s Gemini API Key Overlap Exposes Critical Security Flaw in Public Keys
A previously harmless public API key used for Google Maps has been retroactively granted access to sensitive Gemini AI services, creating a dangerous privilege escalation. Thousands of exposed keys, including some from Google’s own infrastructure, are now vulnerable to abuse.

Google’s recent integration of its Gemini AI platform into existing API infrastructure has silently widened the scope of thousands of API keys that were never intended to be secret. According to Truffle Security, API keys originally generated for public-facing services like Google Maps, which are embedded directly in client-side web code, have been retroactively granted access to Gemini’s private, billable endpoints without developer notification or consent. This is a fundamental shift in credential privilege: identifiers that were harmless to publish have become high-risk secrets.
The issue stems from Google’s shared, project-scoped API key architecture. A Google Cloud API key belongs to a project, and unless it carries an API restriction it can call any API that is enabled on that project. Developers routinely create one key and reuse it across several Google services, and few expect that enabling a new service (such as Gemini) will alter the security posture of a key created earlier for Maps. But when the Gemini API was enabled on a project containing a public Maps key, that same key gained access to Gemini’s model listing, text generation, and billing endpoints, with no warning and no re-authorization. A key already restricted to the Maps APIs would not have been affected; the keys at risk are the unrestricted ones. As Truffle Security notes, from the developer’s side this isn’t a misconfiguration they made; it’s a privilege escalation produced by a backend policy change they could not see.
Truffle Security’s investigation, published February 25, 2026, uncovered 2,863 API keys in the November 2025 Common Crawl dataset that could successfully query Gemini’s /models endpoint, confirming active access to proprietary AI functionality. Alarmingly, several of these keys originated from Google’s own internal projects, one of which had been deployed since February 2023, before the Gemini API existed. A key minted before the service it now unlocks is the clearest possible evidence that the change in permission happened on Google’s side, not the developer’s.
While Google has begun revoking compromised keys, the scale and invisibility of the exposure raise serious questions about credential lifecycle management. Unlike traditional secrets, which are ideally stored in vaults and rotated regularly, public API keys are often hardcoded into open-source repositories, mobile apps, or legacy websites. Once exposed, they remain active until revoked, and in this case their permissions were silently upgraded with no per-key change for an audit to catch and no alert to the key’s owner.
The vulnerability also intersects with broader concerns about insider threats. Just days before Truffle’s report, The Hacker News revealed that three former Google engineers were indicted for allegedly stealing proprietary AI models and transmitting them to entities in Iran. While unrelated to the API key flaw, the timing underscores a growing pattern: Google’s AI infrastructure is becoming a high-value target, and even minor credential missteps can have national security implications.
The flaw is not specific to Google. Any provider whose single credential spans multiple services, with the set of services growing as new products ship, carries the same risk. The incident highlights a systemic failure in the industry’s assumption that an API key’s effective permissions are fixed at creation time. As AI services proliferate, credential policies must treat keys as dynamic assets whose risk profile changes whenever the project around them changes.
Developers are urged to audit all Google Cloud projects for API keys that can reach Gemini, especially keys used in public-facing applications. Google recommends applying API key restrictions and using service accounts for server-to-server communication instead of API keys where possible. Two kinds of restriction matter here, and they do different jobs: API restrictions limit which APIs a key may call and are the only control that actually removes Gemini from a public key’s reach, while application restrictions (HTTP referrer or IP address allowlists) limit where the key may be used from. A referrer restriction on its own is a weak defence for a billable endpoint, because a non-browser client can send any Referer header it likes. For organizations relying on legacy integrations, immediate key rotation and project segmentation are critical.
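The following script is an added example, not code from the article or from Truffle Security. It shows the mechanism described above (a key with no API target inherits every API enabled on its project) and the audit the recommendations call for: it classifies a list of keys in the shape returned by `gcloud services api-keys list --format=json` (API Keys API v2 `Key` resources) and flags the ones that can call Gemini, ranking client-side keys highest because they are public by design. The three sample keys are constructed for illustration. The `remediation()` helper emits a `gcloud services api-keys update` command whose flag names follow the documented interface and should be checked against your installed gcloud version; `models_probe_url()` builds the Gemini model-listing URL (the documented `v1beta/models` path) that the investigation used to confirm access.

```python
"""Offline audit of Google Cloud API keys for inherited Gemini access.

Added example, not from the article. Input is the JSON shape of
`gcloud services api-keys list --format=json` (API Keys API v2 Key resources);
the keys below are constructed samples, not real credentials.
"""
from typing import Dict, List

GEMINI_SERVICE = "generativelanguage.googleapis.com"
MAPS_JS_SERVICE = "maps-backend.googleapis.com"  # Maps JavaScript API

# Constructed sample: three keys as gcloud would list them (fields trimmed).
SAMPLE_KEYS: List[Dict] = [
    {   # Public Maps key with a referrer lock but no API target: every API
        # enabled on the project, Gemini included, is reachable with it.
        "name": "projects/123/locations/global/keys/maps-web",
        "displayName": "Maps web key",
        "restrictions": {
            "browserKeyRestrictions": {"allowedReferrers": ["https://example.com/*"]},
        },
    },
    {   # Properly scoped browser key: Maps only, so enabling Gemini changes nothing.
        "name": "projects/123/locations/global/keys/maps-web-scoped",
        "displayName": "Maps web key (scoped)",
        "restrictions": {
            "apiTargets": [{"service": MAPS_JS_SERVICE}],
            "browserKeyRestrictions": {"allowedReferrers": ["https://example.com/*"]},
        },
    },
    {   # Legacy server key with no restrictions of any kind.
        "name": "projects/123/locations/global/keys/legacy",
        "displayName": "legacy",
        "restrictions": {},
    },
]


def key_reaches_gemini(key: Dict) -> bool:
    """True if the key's API restriction does not exclude Gemini.

    An empty apiTargets list means "any API enabled on the project", which is
    exactly how a Maps key inherits Gemini once the project enables it.
    """
    targets = key.get("restrictions", {}).get("apiTargets", [])
    if not targets:
        return True
    return any(t.get("service") == GEMINI_SERVICE for t in targets)


def is_client_side_key(key: Dict) -> bool:
    """Browser/Android/iOS-restricted keys ship inside clients: treat as public."""
    r = key.get("restrictions", {})
    return any(k in r for k in ("browserKeyRestrictions",
                                "androidKeyRestrictions",
                                "iosKeyRestrictions"))


def audit_keys(keys: List[Dict]) -> List[Dict]:
    """One finding per key that can call Gemini, highest risk first."""
    findings = []
    for key in keys:
        if not key_reaches_gemini(key):
            continue
        public = is_client_side_key(key)
        targets = key.get("restrictions", {}).get("apiTargets", [])
        if public and not targets:
            reason = "client-side key with no API target; inherits every enabled API"
        elif not targets:
            reason = "no API target restriction"
        else:
            reason = "explicitly allows " + GEMINI_SERVICE
        findings.append({"name": key["name"],
                         "risk": "critical" if public else "high",
                         "reason": reason})
    findings.sort(key=lambda f: 0 if f["risk"] == "critical" else 1)  # stable sort
    return findings


def remediation(key: Dict, keep_service: str = MAPS_JS_SERVICE) -> str:
    """gcloud command pinning the key to a single API (assumed flag names;
    verify against `gcloud services api-keys update --help`)."""
    return f"gcloud services api-keys update {key['name']} --api-target=service={keep_service}"


def models_probe_url(key_string: str) -> str:
    """Gemini model-listing URL; an HTTP 200 here means the key reaches Gemini."""
    return f"https://generativelanguage.googleapis.com/v1beta/models?key={key_string}"


if __name__ == "__main__":
    for f in audit_keys(SAMPLE_KEYS):
        print(f"[{f['risk']}] {f['name']}: {f['reason']}")
        print("   fix:", remediation({"name": f["name"]}))
```

Run against real output by replacing `SAMPLE_KEYS` with the parsed JSON from `gcloud services api-keys list --project=<id> --format=json`; the key string itself is not in that listing (it comes from `gcloud services api-keys get-key-string`), so the probe URL is only built for keys you deliberately choose to verify.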
As AI becomes central to enterprise infrastructure, the line between public and private credentials must be rigidly enforced. Google’s oversight serves as a stark reminder: in the age of generative AI, a key meant for maps can now unlock the future — and if left unsecured, it’s already been unlocked by strangers.

