Google API keys used to be safe to expose in client-side code—until Gemini came along. Now those same keys provide access to expensive AI services, and Google changed the rules without adequate warning. Thousands of apps are now leaking credentials that actually matter.
This is a perfect example of how adding AI to everything creates new security problems that didn't exist before.
Here's the background: For years, Google API keys for services like Maps or YouTube could safely be embedded in client-side JavaScript. They weren't really secrets; they were closer to identifiers that tied a request to a billing project. Google relied on other mechanisms to prevent abuse: application restrictions on the key (allowed HTTP referrers, IP addresses, or Android/iOS app identifiers), API restrictions (the list of APIs the key is allowed to call), and per-project quotas. This was well-documented and widely understood.
Developers built thousands of apps following this model. API keys in mobile apps, in JavaScript bundles, in public GitHub repos. It was fine, because those keys couldn't do anything particularly dangerous or expensive.
Then Google launched Gemini and integrated it into the same API key system.
Suddenly, those same keys that were safe to expose provide access to AI services that cost real money. An attacker who finds an unrestricted key in your JavaScript bundle can rack up thousands of dollars in Gemini API calls billed to your project. The security model that worked for Maps breaks for generative AI: the key alone is enough to spend your money, and nothing on the client side can hide it.
Did Google notify developers about this change? Sort of. If you were paying close attention to documentation updates and security bulletins, you might have noticed. But there was no aggressive campaign to warn developers that their existing keys were now exposed to a completely different threat model.
According to security researchers at Truffle Security, thousands of exposed Google API keys in public repositories now provide access to Gemini. Apps that were perfectly secure last year are leaking expensive credentials today.
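Finding the exposed keys is the first step, and the key format makes it mechanical. The Python scanner below is an added example written for this page, not the article's or Truffle Security's code (TruffleHog does the same job at scale). It assumes only the documented format of Google API keys (the literal prefix `AIza` followed by 35 characters) and the public Gemini models-list endpoint; the JavaScript bundle it scans is constructed and the key values in it are fake.

```python
"""Scan source text for Google API keys and build a probe URL to learn whether a
found key is accepted by the Gemini (Generative Language) API.

Added example, not code from the original article or from Truffle Security.
SAMPLE_BUNDLE below is constructed; the key values in it are fake.
"""
import re
from typing import NamedTuple

# Google API keys are 39 characters: the literal prefix "AIza" followed by
# 35 characters from [0-9A-Za-z_-]. The lookarounds stop a longer token that
# merely contains such a substring from matching.
GOOGLE_API_KEY_RE = re.compile(
    r"(?<![0-9A-Za-z_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])"
)

# Public "list models" endpoint of the Gemini API. A key whose API restrictions
# name only Maps or YouTube is rejected here; an unrestricted key is accepted,
# which is exactly the exposure the article describes.
GEMINI_MODELS_URL = "https://generativelanguage.googleapis.com/v1beta/models"


class Finding(NamedTuple):
    line_no: int
    key: str
    context: str


def find_google_api_keys(text: str) -> list[Finding]:
    """Return every Google API key in `text` with its line number and the line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in GOOGLE_API_KEY_RE.finditer(line):
            findings.append(Finding(line_no, m.group(0), line.strip()))
    return findings


def redact(key: str) -> str:
    """Keep the prefix and last 4 chars so a report does not re-leak the key."""
    return key[:4] + "*" * (len(key) - 8) + key[-4:]


def gemini_probe_url(key: str) -> str:
    """URL to test whether `key` reaches Gemini. Probe only keys you own.

    HTTP 200 means the Generative Language API accepts the key; any 4xx means
    the key is invalid, the API is not enabled on its project, or an API
    restriction on the key blocks it (the state every client-side key should be in).
    """
    return f"{GEMINI_MODELS_URL}?key={key}"


# Constructed sample: a minified-looking JS bundle with two Google keys (fake
# values), one non-Google token, and one "AIza" fragment that is too short.
SAMPLE_BUNDLE = """\
var mapsKey="AIzaSyA1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6R";
fetch("https://www.googleapis.com/youtube/v3/search?key=AIzaSyZ9Y8X7W6V5U4T3S2R1Q0P9O8N7M6L5K4I");
var stripe="pk_test_TYooMQauvdEDq54NiTphI7jx";var notAKey="AIzaShort";
"""

if __name__ == "__main__":
    for f in find_google_api_keys(SAMPLE_BUNDLE):
        print(f"line {f.line_no}: {redact(f.key)}")
        print(f"  probe (only for keys you own): {gemini_probe_url(redact(f.key))}")
```

Run it over a built JS bundle, an APK's decoded resources, or a `git log -p` dump. For each hit, probe the URL with the real key if the project is yours: an HTTP 200 means Gemini accepts it, and the fix is to set API restrictions on the key in the Cloud console and rotate it if it was ever public.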
The broader problem is that Google broke its own long-standing security model because Gemini needed a different access pattern. Instead of creating a separate credential type for AI services, it unified everything under one key system that now serves neither use case well. The practical fallout: any Google API key created without API restrictions (the default when a key is created) is a candidate for Gemini abuse, whether or not the project ever meant to use AI. A key whose API restrictions list only Maps or YouTube is rejected by Gemini, so auditing every client-side key and restricting it to the APIs it actually needs is the minimum response.
