すまほん!!

Google公開OKのはずのAPIキー、Gemini認証兼用で情報漏洩

セキュリティ企業Truffle Securityが米国時間2026年2月25日付の記事で、Googleが長年「APIキーは秘密情報ではない」と案内してきたキーが、AI「Gemini」のAPIにも通ってしまう場合がある問題を公開しました。

A stolen Gemini API key turned a $180 bill into $82,000 in two days

One of the affected developers shared the incident on Reddit. According to the post, the Google Cloud API key was compromised between February 11 and February ...

Google's unprotected API keys a security and cost risk due to Gemini AI

Security researchers have found nearly 3000 publicly visible Google API keys authorizing Gemini. This allows abusive access.
GIGAZINE

The API key that Google had announced as 'OK to publish' is also the Gemini authentication ...

The Google Maps documentation also provides an example of including an API key in your website's code. In fact, until now, even if a website administrator made the above API key public, they would not ...
CIO

‘Silent’ Google API key change exposed Gemini AI data

Google Cloud API keys, normally used as simple billing identifiers for APIs such as Maps or YouTube, could be scraped from websites to give access to private Gemini AI project data, researchers from ...