Wednesday, March 4, 2026

Mismanagement of Gemini API Key Leads to Soaring AI Expenses for Startup

A small startup in Mexico faced an alarming bill of over $82,000 due to a stolen Google Gemini API key, highlighting the risks associated with generative AI. The incident, detailed by The Register, occurred between February 11 and 12: unauthorized AI requests made with the company’s Google Cloud API key ran up $82,314 in charges, against usual monthly costs of around $180.

Upon discovering the misuse, the team removed the compromised key and implemented security measures, but Google’s support cited the “shared responsibility” principle, which places the onus of key protection on users. Meanwhile, security researchers identified 2,863 publicly accessible Google API keys that enable unauthorized AI access.

Google is addressing this issue and has introduced Gemini 3.1 Flash-Lite to offer developers cost-effective AI solutions. However, the incident underscores the critical need for robust API security to prevent potential financial repercussions from service abuse in the evolving landscape of cloud computing.
