Web Scouter
Back to News
Security NewsHighIncidentunauthorized access

Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

UnknownFeb 28, 2026(2 days ago)

Thousands of Google Cloud API keys were exposed, potentially allowing unauthorized access to sensitive Gemini endpoints and private data.

New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data. The findings come from Truffle Security, which discovered nearly 3,000 Google API keys (identified by the prefix "AIza") embedded in client-side code to provide Google-related services like

Potentially Affected Vendors
Google Cloud Platform

Vendors are matched automatically based on AI analysis. Verify with official sources.

Related News

Shutdown Stalls Compliance Plans for Cyber Breach Reporting Rule

Unknown29 minutes ago

Nick Andersen Appointed Acting Director of CISA

Unknown33 minutes ago

CISA Releases New Guidance on Assembling Multi-Disciplinary Insider Threat Management Teams

Unknownabout 1 hour ago

Get Personalized Alerts

Track vendors and receive alerts when security incidents affect your supply chain.

What We Monitor

Security Incidents

Data breaches, ransomware, and unauthorized access

Vulnerabilities

CVEs and vendor security advisories

Compliance Updates

Regulatory changes and certification news

Legal News

Privacy laws and enforcement actions

Vendor Directory

Browse our directory of SaaS vendors with security documentation and compliance information.