CPO Magazine

Researchers Warn Benign Google API Keys Could be Exploited to Rack Up Gemini AI Bills

Researchers with Truffle Security are warning that old and seemingly benign Google API keys might now be weaponized by threat actors after gaining Gemini AI authorization permissions, in a destructive ...

A stolen Gemini API key turned a $180 bill into $82,000 in two days

One of the affected developers shared the incident on Reddit. According to the post, the Google Cloud API key was compromised between February 11 and February ...

Google's unprotected API keys a security and cost risk due to Gemini AI

Security researchers have found nearly 3000 publicly visible Google API keys authorizing Gemini. This allows abusive access.
CSO Online

‘Silent’ Google API key change exposed Gemini AI data

API key exploitation is more than hypothetical. In a different context, a student who reportedly exposed a GCP API key on GitHub last June was left nursing a $55,444 bill (later waived by Google) ...
Krebs on Security

xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs

Philippe Caturegli, “chief hacking officer” at the security consultancy Seralys, was the first to publicize the leak of credentials for an x.ai application programming interface (API) exposed in the ...
Yardbarker

Another API Key Scam Steam Users Are Warned

Heads up, Steam users—there’s another scam making the rounds, and it’s got the community on high alert. A couple of days ago, Reddit user Wonderful_Sock_2838 posted a PSA to r/Steam about a fresh API ...