Google Cloud AI: Security Advice vs. Reality
Google Cloud COO Francis de Souza recently told TechCrunch that security must be built in from day one, not bolted on later. He warned about "shadow AI" and stressed that companies need a platform approach. But while de Souza speaks of a future where AI defense is agentic and machine-speed, Google Cloud itself is grappling with API key vulnerabilities that have left developers with five-figure bills.
The $10k API Key Problem
The Register documented multiple cases where developers who used Google Maps API keys found their credentials silently upgraded to access Gemini models. Rod Danan, CEO of Prentus, saw a $10,138 bill in 30 minutes after attackers exploited his compromised key. Isuru Fonseka, a Sydney developer, woke up to AUD $17,000 in charges despite setting a $250 spending cap. Google's automated system had upgraded their billing tiers to as high as $100,000 without explicit consent.
Google refunded both after The Register's report but told the publication it has no plans to change its automatic tier-upgrade policy, which prioritizes avoiding service outages over respecting user budget preferences.
23-Minute Revocation Window
Even if you catch a compromised key and delete it, attackers can still use it for up to 23 minutes. Security firm Aikido found that Google's revocation propagates gradually. Researcher Joseph Leon noted that during that window, success rates are unpredictable—in some minutes over 90% of requests still authenticate. Attackers can exfiltrate files and cached Gemini conversation data.
Leon pointed out that Google's newer credential formats don't have this problem: service account API keys revoke in about five seconds, and Gemini's AQ-prefixed keys take about a minute. "Both suggest this is technically solvable for Google API keys, too," he wrote. The 23-minute gap is a matter of priority, not engineering.
De Souza's Vision vs. Reality
De Souza's advice is sound: "There's no such thing as an AI strategy without a data strategy and a security strategy." He advocates for a multicloud approach and notes that the attack surface now includes models, data pipelines, agents, and prompts. The average time from breach to handoff has dropped from eight hours to 22 seconds.
But the gap between Google's prescriptions and its own practices is evident. De Souza warned about agents roaming enterprises and exposing forgotten data repositories—yet Google's own agent infrastructure (Gemini API) can be accessed via API keys that were never intended for that purpose.
What Developers Should Do Now
- Audit API key scopes immediately. Check if your keys have permissions you didn't explicitly grant. Google's automatic tier upgrades can silently expand access.
- Set hard spending limits. Even if you set a cap, Google's system may override it. Use separate billing accounts or budget alerts at the project level.
- Use service account credentials or AQ-prefixed keys for Gemini access. They revoke faster (about five seconds and about a minute, respectively, versus up to 23 minutes).
- Implement key rotation and revocation monitoring. Assume any leaked key is active for at least 23 minutes after deletion.
- Treat AI models as part of your attack surface. Monitor for unexpected API calls and data exfiltration.
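
One way to run the key audit from the first recommendation, as an added example that is not from the article or from Google. The sample records are constructed and follow the shape of `gcloud services api-keys list --format=json` output; the expected-service allowlist and the helper names are assumptions.

```python
import json

# Constructed sample records (project number, key IDs and names are made up),
# shaped like `gcloud services api-keys list --format=json` output.
SAMPLE_KEYS = json.loads("""
[
  {"name": "projects/000000000000/locations/global/keys/example-a",
   "displayName": "maps-web",
   "restrictions": {
     "apiTargets": [{"service": "maps-backend.googleapis.com"}],
     "browserKeyRestrictions": {"allowedReferrers": ["https://example.com/*"]}}},
  {"name": "projects/000000000000/locations/global/keys/example-b",
   "displayName": "legacy-maps"},
  {"name": "projects/000000000000/locations/global/keys/example-c",
   "displayName": "maps-mobile",
   "restrictions": {
     "apiTargets": [{"service": "maps-backend.googleapis.com"},
                    {"service": "generativelanguage.googleapis.com"}]}}
]
""")

# Assumption: the only service this team intends its API keys to reach.
EXPECTED_SERVICES = {"maps-backend.googleapis.com"}
APP_RESTRICTION_FIELDS = ("browserKeyRestrictions", "serverKeyRestrictions",
                          "androidKeyRestrictions", "iosKeyRestrictions")

def audit_key(key, expected=EXPECTED_SERVICES):
    """Return the list of findings for one key record (empty if clean)."""
    findings = []
    restrictions = key.get("restrictions") or {}
    targets = restrictions.get("apiTargets") or []
    if not targets:
        # Without API restrictions the key works for any enabled API in the project.
        findings.append("no API restrictions")
    else:
        extra = sorted({t.get("service", "") for t in targets} - set(expected))
        if extra:
            findings.append("unexpected services: " + ", ".join(extra))
    if not any(restrictions.get(f) for f in APP_RESTRICTION_FIELDS):
        findings.append("no application restrictions")
    return findings

def audit(keys, expected=EXPECTED_SERVICES):
    """Map display name -> findings, for keys that have at least one finding."""
    results = ((k.get("displayName") or k["name"], audit_key(k, expected)) for k in keys)
    return {name: found for name, found in results if found}

if __name__ == "__main__":
    for name, found in audit(SAMPLE_KEYS).items():
        print(f"{name}: {'; '.join(found)}")
```

To audit a real project, replace SAMPLE_KEYS with the parsed JSON from your own key listing and set EXPECTED_SERVICES to the services each key is meant to call.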
The transition period de Souza mentioned is real. But until platforms like Google Cloud close the gap between their security advice and their own infrastructure, developers must take extra precautions.


