Deleting a compromised Google API key doesn't immediately stop abuse. Attackers can still use it for an average of 23 minutes, with a success rate above 90%, according to security firm Aikido.
TechCrunch interviewed Google Cloud COO Francis de Souza, who acknowledged the issue. "Security is not something you can bolt on later, and it's not something you can leave up to employees to do on their own," he said.
How the 23-minute window works
The problem came to light after several developers suffered financial losses. Google Cloud developer Rod Danan saw a $10,138 bill within 30 minutes after an attacker used his API key to run Gemini inference. Another developer, Isuru Fonseka from Sydney, Australia, set a $250 spending cap but still received a bill for AUD $17,000. The auto-pay limit was $100,000, meaning a single night could have wiped him out.
Worse, the stolen keys were originally for Google Maps, but attackers used them to access Gemini services. Google's API permissions are not properly isolated—a Maps key can open Gemini's door.
Aikido researcher Joseph Leon found that revoking a compromised Google API key takes an average of 23 minutes to propagate globally. During that time, attackers can continue using the key with a success rate over 90%. "Both run at Google scale. Both suggest this is technically solvable for Google API keys, too," Leon said, noting that service account credentials can be revoked in 5 seconds and Gemini AQ-prefix keys in about 1 minute.
Google COO admits they are learning on the job
TechCrunch reporter Connie Loizos asked de Souza at a Los Angeles event. "There'll be a transition period, and then I think we get to this better place," he said, implying the company hasn't solved the problem yet. He advised enterprise customers to adopt a "platform approach": "In addition to your usual estate, you have models now. You have data pipelines used to train the models."
LinkedIn CISO Lea Kissner added: "We're going to need people to deal with the bug-pocalypse." The term refers to the explosion of AI-generated code that security reviews can't keep up with.
Attack speed is also accelerating
The same research shows that the time from initial breach to the next stage of attack has dropped from 8 hours to 22 seconds. While Google API key revocation takes 23 minutes, service account credentials can be revoked in 5 seconds, and Gemini AQ-prefix keys in about 1 minute. The attack success rate during the 23-minute window exceeds 90%.
The shift from 8 hours to 22 seconds means security teams can no longer manually analyze alerts. AI-agent-assisted attack chains have compressed lateral movement to seconds—exactly what Kissner called the "bug-pocalypse."
Who is responsible
The issue has two layers. On the surface, Google's API key revocation mechanism is flawed. Technically solvable, but not prioritized. At a deeper level, developers embed keys in client-side code (e.g., Google Maps keys in frontends), which then leak and are used to call paid APIs. Google's API design has a bug: Maps keys should not be able to call Gemini directly; permission boundaries are unclear.
De Souza's "transition period" admission means Google's best practices are not yet mature. But customers have already been billed. Google has partially refunded affected developers but hasn't discussed to reducing the 23-minute window. Security veterans say default secure configurations are more important than post-hoc fixes. Google's 23-minute window was a default nobody questioned until Aikido exposed it.
The next question is whether other cloud providers will exploit this. AWS IAM revocation takes seconds, and Azure is similar. If Google Cloud's next earnings show customer churn, this incident may be the cause.
Sources: CocoLoop; Everyone is navigating AI security in real time — even Google (TechCrunch)