~$6,000 in unauthorized Gemini API charges from a Vite-built client bundle — requesting billing review

Hi,

I’m posting in parallel with a billing dispute already filed via Google Cloud Support, since the recent threads here describing the same client-side-key abuse pattern have been getting helpful coordinated responses from Google staff. Hoping for similar guidance.

What happened

On April 28, 2026, a Gemini API key tied to a small prototype project was abused to generate ~USD 6,000 in Gemini API charges within a single ~40-minute window. The project had been idle since November 2025 with effectively zero usage. Cloud Billing shows a flat zero baseline on April 25–27 and a single vertical spike on April 28. Google’s automated systems suspended the project shortly after the spike.

Root cause

The key was generated for a small prototype built from Google AI Studio’s exported sample-app code — a Vite + TypeScript frontend that reads the API key from a .env file (using the standard VITE_* convention) and injects it into the client-side bundle at build time. The result: the key was publicly visible in the deployed frontend bundle to anyone who pulled the JS, despite my having deliberately avoided hardcoding it anywhere in source.

This is the systemic client-side-key abuse pattern Truffle Security disclosed in February 2026 (Google API Keys Weren’t Secrets. But then Gemini Changed the Rules.), which Google subsequently classified as a Tier 1 vulnerability with public commitments to leaked-key blocking and proactive notification.

A few aggravating defaults worth noting alongside the disclosure pattern:

  • The Gemini API key was created with no rate limits by default — surprising compared to standard practice on most paid AI APIs.

  • The Cloud Billing budget alert I had set is a notification-only threshold, not an enforced cap, which I hadn’t realized at setup time. The alert fired but billing continued uninterrupted until the project was auto-suspended.

  • AI Studio’s exported sample app is presented as a quickstart artifact suitable for prototyping, with no explicit warning at code-export time that the VITE_* convention will inline the key into the public bundle.

Detection

  • Five escalating Google Pay payment notifications received the same afternoon

  • Google Cloud auto-suspended the affected project after the spike

  • Cloud Billing report showing the SKU breakdown and the flat-baseline → spike pattern

Remediation completed within hours of detection

  • All remaining Google Cloud projects in the account deleted

  • Card provider contacted to block the charge (not possible at that stage)

  • Detailed billing dispute filed via Google Cloud Support — currently under goodwill review

  • Full root cause analysis completed

Evidence available

  • Cloud Billing report (April 25–27 zero-baseline, April 28 spike)

  • SKU-level cost breakdown of the unauthorized usage

  • Timestamps of all containment actions

  • Linkable references to Truffle Security disclosure and prior forum threads matching the same pattern

What I’m asking

  • Confirmation that the GCP Console billing dispute is the correct primary channel, or whether there is a faster route given the recent volume of similar cases.

  • Whether Google staff monitoring this forum can help nudge the dispute toward coordinated review alongside the recent client-side-key cases — the $2,200 case from April 20–22 and the $4,368 case from April 27.

  • Any guidance on what additional evidence is most useful for the billing team, given the pattern is now well-documented.

Thanks in advance — happy to share screenshots and any additional documentation in reply.
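For readers who want to see the mechanism the root-cause section describes, the following is an added example, not code from the original post and not Google AI Studio's exported sample app. In plain Node it approximates Vite's rule that only env vars with the `VITE_` prefix reach browser code and get inlined as literals at build time, then runs a pre-deploy scan over the resulting bundle text. The functions `clientExposedEnv`, `inlineEnv` and `findLeakedKeys` are this example's own names; the key pattern is the well-known Google API key shape (`AIza` followed by 35 URL-safe characters); the env values and source snippet are constructed and contain no real key.

```javascript
// Added example (not from the original post or from AI Studio's exported app):
// shows why a key stored as VITE_* ends up verbatim in the shipped bundle, and
// a cheap check that catches it before deployment.

// Approximation of Vite's prefix rule: only names starting with the prefix
// (VITE_ by default) are exposed to client code. Real Vite also reads .env
// files, modes and the `envPrefix` option; the filter is the part that matters.
function clientExposedEnv(env, prefix = "VITE_") {
  const exposed = {};
  for (const [name, value] of Object.entries(env)) {
    if (name.startsWith(prefix)) exposed[name] = value;
  }
  return exposed;
}

// Simulates the build-time substitution of `import.meta.env.NAME` with a literal.
// Exposed names become a quoted string; everything else becomes `undefined`.
function inlineEnv(source, exposed) {
  return source.replace(/import\.meta\.env\.([A-Z0-9_]+)/g, (match, name) =>
    name in exposed ? JSON.stringify(exposed[name]) : "undefined");
}

// Google API keys have a well-known shape: "AIza" followed by 35 URL-safe chars.
const GOOGLE_API_KEY_RE = /AIza[0-9A-Za-z_-]{35}/g;

// Scans built output (e.g. the text of dist/assets/*.js) and returns every
// key-shaped string as an offset plus a redacted preview, never the full value.
function findLeakedKeys(bundleText) {
  return [...bundleText.matchAll(GOOGLE_API_KEY_RE)].map((m) => ({
    offset: m.index,
    preview: m[0].slice(0, 8) + "..." + m[0].slice(-4),
  }));
}

// --- constructed sample input: placeholder values, not real keys ---
const sampleEnv = {
  VITE_GEMINI_API_KEY: "AIza" + "X".repeat(35), // constructed; prefixed -> exposed
  GEMINI_API_KEY: "AIza" + "Y".repeat(35),      // constructed; unprefixed -> hidden
  VITE_APP_TITLE: "Prototype",
};
const sampleSource = `
  const client = createClient({ apiKey: import.meta.env.VITE_GEMINI_API_KEY });
  const serverOnly = import.meta.env.GEMINI_API_KEY; // undefined in the browser
`;

// Runs the whole chain: prefix filter -> inlining -> bundle scan.
function demo() {
  const exposed = clientExposedEnv(sampleEnv);
  const bundle = inlineEnv(sampleSource, exposed);
  return { exposed, bundle, findings: findLeakedKeys(bundle) };
}

console.log(JSON.stringify(demo(), null, 2));
```

The scan is a guard, not a fix: anything that must stay secret cannot live in a `VITE_`-prefixed variable at all, because the prefix is exactly the signal that the value is meant for the browser. The durable remedy is to call the model API from a server-side endpoint that holds the key and applies its own per-user quota, so the bundle carries no credential to extract. Running `findLeakedKeys` over the built `dist/` output in CI before every deploy is a cheap way to fail the pipeline if that rule is ever broken.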

Hi @gem-inc-2026
I have DM'd you for more details.

Exactly the same thing happened to me. What can we do? Where should we reach out? We have several thousand dollars of unauthorized API use from somebody who hacked the API key somehow.

Sorry you’ve been hit by this too. Worth filing a detailed billing dispute via the GCP Console if you haven’t already, referencing the Truffle context and the recent forum cases.

Wishing you a good outcome.