
Thousands of Public Google Cloud API Keys Exposed in Client-Side Code
Research by Truffle Security revealed that nearly 3,000 Google Cloud API keys, identifiable by the "AIza" prefix, were exposed in client-side code, enabling unauthorized access to sensitive Gemini endpoints. These keys, typically used as project identifiers for billing, could be abused to authenticate and retrieve private data. The findings specifically highlight risks associated with API keys embedded in public-facing code for Google-related services. No specific date for the discovery or affected versions was provided. The impact includes potential unauthorized access to Gemini APIs and exposure of confidential information.
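
For teams checking their own served front-end assets for the exposure described above, here is a small scanner, added as an example and not code from Truffle Security or the article. It assumes the 39-character pattern that secret scanners commonly match for these keys (the article gives only the "AIza" prefix); the asset names and the key are constructed.

```python
import re

# Assumption: keys are "AIza" plus 35 URL-safe characters (39 total), the
# format secret scanners commonly match; the page itself gives only the prefix.
KEY_RE = re.compile(r"(?<![0-9A-Za-z_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])")


def redact(key):
    """Keep enough of the key to identify it, hide the rest in reports."""
    return key[:8] + "..." + key[-4:]


def find_google_api_keys(text):
    """Return sorted (line_number, redacted_key) for each distinct key per line."""
    findings = set()
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            findings.add((line_no, redact(match.group())))
    return sorted(findings)


def scan_assets(assets):
    """assets maps a served file name to its text; returns {name: findings}."""
    report = {}
    for name, text in assets.items():
        hits = find_google_api_keys(text)
        if hits:
            report[name] = hits
    return report


# Constructed sample input: a fake key and made-up asset names.
FAKE_KEY = "AIza" + "0123456789abcdefghijABCDEFGHIJ_-xyz"
SAMPLE_ASSETS = {
    "index.html": '<script src="https://maps.example/js?key=' + FAKE_KEY + '"></script>\n',
    "app.min.js": 'var a=1;\nfetch(u,{headers:{"x-goog-api-key":"' + FAKE_KEY + '"}});\n',
    # Prefix buried inside a longer token, and a too-short lookalike: both ignored.
    "vendor.js": 'var blob="QQ' + FAKE_KEY + 'ZZ";\nvar s="AIza-too-short";\n',
}

if __name__ == "__main__":
    for name, hits in scan_assets(SAMPLE_ASSETS).items():
        for line_no, key in hits:
            print(f"{name}:{line_no}: possible Google API key {key}")
```

Any hit in a file that is shipped to browsers is a key to rotate or restrict, since everything in client-side code is readable by every visitor.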