Developer Accidentally Leaks Gemini API Key, Faces $82,000 Bill That Google Refuses to Waive
Author: Editor

In March 2026, a three-member development team from Mexico took to Reddit seeking help with an unexpectedly large bill. The team had been using Google Cloud's Gemini service when, through an operational oversight, they exposed their API key to the public internet.

Security investigations uncovered a deeper problem: once Gemini was enabled, Google Cloud Platform API keys silently acquired access to the sensitive Gemini interface, with no notification of any kind to their owners. Because of this lack of transparency, a large number of keys that were already publicly exposed became tools for attackers to steal data and maliciously consume computing resources. By February 2026, more than 2,800 publicly exposed keys had been identified as directly exploitable, spanning sectors including finance, security, and the internet industry. With a leaked key, an attacker could call the Gemini interface, reach sensitive corporate data, and drain the quota, producing a sharp spike in the victim's bill and, in some cases, business disruption.

In response, Google has restricted the permissions of newly generated keys, blocked access from compromised keys, and begun issuing notifications. The company also advises developers to audit their key configurations thoroughly and rotate any key they consider at risk.
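As an added illustration of the audit the article recommends (this is not code from the article or from Google), the following Python script takes the JSON that `gcloud services api-keys list --format=json` prints and flags every key that can still reach the Gemini interface because it carries no API restriction, or because it lists Gemini explicitly without any client restriction. The field names follow the API Keys v2 `Key` resource as I understand it (an assumption), and the sample keys are constructed.

```python
"""Flag Google Cloud API keys whose restrictions leave Gemini callable."""
from typing import Dict, List

# Gemini Developer API service; a key with no apiTargets can call it
# (and every other enabled API) as soon as the API is turned on.
GEMINI_SERVICE = "generativelanguage.googleapis.com"

# Per-client restriction blocks of the (assumed) Key.restrictions shape.
CLIENT_RESTRICTIONS = ("serverKeyRestrictions", "browserKeyRestrictions",
                       "androidKeyRestrictions", "iosKeyRestrictions")


def audit_keys(keys: List[Dict]) -> List[Dict]:
    """Return one finding per key that can reach Gemini.

    `keys` is the list printed by `gcloud services api-keys list
    --format=json` (assumed shape: name, displayName, restrictions).
    """
    findings = []
    for key in keys:
        restrictions = key.get("restrictions") or {}
        targets = [t.get("service") for t in restrictions.get("apiTargets", [])]
        # Empty apiTargets means "any enabled API", which includes Gemini.
        if targets and GEMINI_SERVICE not in targets:
            continue
        client_locked = any(restrictions.get(k) for k in CLIENT_RESTRICTIONS)
        findings.append({
            "name": key.get("name"),
            "displayName": key.get("displayName"),
            "reason": "no API restriction" if not targets else "Gemini allowed",
            "client_restricted": client_locked,
            # A leaked, unscoped key should be rotated, not just narrowed.
            "action": "review scope" if client_locked else "rotate and scope",
        })
    return findings


# Constructed sample: one unrestricted key, one scoped to Maps only,
# one that names Gemini but is at least pinned to an IP range.
SAMPLE_KEYS = [
    {"name": "projects/000000000000/locations/global/keys/legacy-key",
     "displayName": "legacy-key"},
    {"name": "projects/000000000000/locations/global/keys/maps-key",
     "displayName": "maps-key",
     "restrictions": {"apiTargets": [{"service": "maps-backend.googleapis.com"}]}},
    {"name": "projects/000000000000/locations/global/keys/gemini-key",
     "displayName": "gemini-key",
     "restrictions": {"apiTargets": [{"service": GEMINI_SERVICE}],
                      "serverKeyRestrictions": {"allowedIps": ["203.0.113.0/24"]}}},
]

if __name__ == "__main__":
    for f in audit_keys(SAMPLE_KEYS):
        print(f"{f['displayName']}: {f['reason']} -> {f['action']}")
```

Pipe real output into `audit_keys` with `json.load` and treat every "rotate and scope" finding as a key to replace rather than merely edit, since a key that was ever exposed stays exposed after its restrictions change.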