I am a Paid Tier 1 user facing a critical billing issue that has resulted in a massive spike in my API costs. I am reaching out for immediate assistance and investigation regarding unauthorized model usage appearing on my bill.
1. Project Context:
Account Tier: Paid Tier 1.
Models Used: My project code explicitly calls only gemini-2.5-pro and gemini-2.5-flash.
Cost Spike: I am observing a sharp and disproportionate increase in expenses that far exceeds the expected budget based on my actual traffic.
2. The Issue: Billing for “Foreign” Models: According to the billing breakdown in the Google Cloud Console, a significant portion of my costs is attributed to the following models, which my project NEVER requests:
Why is my project—which strictly calls gemini-2.5-pro and gemini-2.5-flash—incurring charges for imagen-4.0-generate, gemini-3-pro, and others?
What mechanism triggers these requests? Is there a known issue with automatic fallback, redirection, or incorrect billing labeling?
How can I access detailed logs/reports for these specific SKUs to verify the origin of these requests?
Will Google consider a refund for these unexpected and unauthorized charges?
Note to the Community: If anyone else has noticed charges for models they don’t use (especially multimodal ones like imagen-4.0-generate or image-specific Gemini versions), please share your experience below.
I request the Gemini API and Google Cloud Billing teams to conduct an urgent investigation. It is impossible to maintain development and budget planning with such unpredictable billing behavior.
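One way to work the third question (which SKUs are producing the charges, how much, and when each first appeared), added here as an illustrative script and not code from the original post or from Google: it reconciles flattened rows from a Cloud Billing export against the models the project's code is known to call. The row keys mirror the Cloud Billing BigQuery export columns (service.description, sku.description, cost, usage.amount, usage_start_time); the rows themselves, the SKU description wording, and the "Family version variant" naming convention the regex assumes are constructed for this example and should be checked against a real bill.

```python
"""Reconcile a Cloud Billing export against the models a project actually calls.

Added example. Field names follow the Cloud Billing BigQuery export schema;
the sample rows and SKU wording below are constructed, not real billing data.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Models this project's code is known to call (from the post above).
EXPECTED_MODELS = {"gemini-2.5-pro", "gemini-2.5-flash"}

# Constructed sample rows (not a real bill). Keys mirror a flattened export
# record: service.description, sku.description, cost, usage.amount, usage_start_time.
SAMPLE_ROWS = [
    {"service": "Generative Language API", "sku": "Gemini 2.5 Pro Input Tokens",    "cost": 12.40,  "usage_amount": 3_100_000, "usage_start_time": "2025-11-01T00:00:00Z"},
    {"service": "Generative Language API", "sku": "Gemini 2.5 Pro Output Tokens",   "cost": 31.10,  "usage_amount": 1_900_000, "usage_start_time": "2025-11-02T00:00:00Z"},
    {"service": "Generative Language API", "sku": "Gemini 2.5 Flash Input Tokens",  "cost": 4.05,   "usage_amount": 8_400_000, "usage_start_time": "2025-11-02T00:00:00Z"},
    {"service": "Generative Language API", "sku": "Gemini 3 Pro Input Tokens",      "cost": 210.00, "usage_amount": 52_000_000, "usage_start_time": "2025-11-05T00:00:00Z"},
    {"service": "Generative Language API", "sku": "Gemini 3 Pro Output Tokens",     "cost": 640.50, "usage_amount": 27_000_000, "usage_start_time": "2025-11-04T00:00:00Z"},
    {"service": "Generative Language API", "sku": "Imagen 4.0 Generate Images",     "cost": 980.00, "usage_amount": 24_500,    "usage_start_time": "2025-11-06T00:00:00Z"},
    {"service": "Generative Language API", "sku": "Generative Language API Tuning", "cost": 1.25,   "usage_amount": 1,         "usage_start_time": "2025-11-07T00:00:00Z"},
]

# Assumed SKU naming: "<Family> <version> [<variant>] ..." so that
# "Gemini 2.5 Pro Input Tokens" -> "gemini-2.5-pro". Adjust to your bill's wording.
MODEL_RE = re.compile(
    r"^(?P<family>gemini|imagen)[\s-](?P<version>\d+(?:\.\d+)?)"
    r"(?:[\s-](?P<variant>pro|flash|generate))?",
    re.IGNORECASE,
)


def sku_to_model(sku_description: str):
    """Map a SKU description to a model id, or None when it names no model."""
    m = MODEL_RE.match(sku_description.strip())
    if not m:
        return None
    parts = [m.group("family").lower(), m.group("version")]
    if m.group("variant"):
        parts.append(m.group("variant").lower())
    return "-".join(parts)


@dataclass
class Reconciliation:
    total_cost: float = 0.0
    expected_cost: float = 0.0
    unmapped_cost: float = 0.0                     # SKUs that name no model
    foreign_cost: dict = field(default_factory=lambda: defaultdict(float))
    foreign_first_seen: dict = field(default_factory=dict)  # model -> earliest usage_start_time

    @property
    def foreign_share(self) -> float:
        """Fraction of spend on models the project never requests."""
        return sum(self.foreign_cost.values()) / self.total_cost if self.total_cost else 0.0


def reconcile(rows, expected_models=EXPECTED_MODELS) -> Reconciliation:
    """Split every line item into expected, foreign, or unmapped spend."""
    r = Reconciliation()
    for row in rows:
        cost = float(row["cost"])
        r.total_cost += cost
        model = sku_to_model(row["sku"])
        if model is None:
            r.unmapped_cost += cost
        elif model in expected_models:
            r.expected_cost += cost
        else:
            r.foreign_cost[model] += cost
            ts = row["usage_start_time"]        # ISO-8601, so string order is time order
            if model not in r.foreign_first_seen or ts < r.foreign_first_seen[model]:
                r.foreign_first_seen[model] = ts
    return r


def foreign_usage_alerts(rows, expected_models=EXPECTED_MODELS, max_share=0.0):
    """Return findings, most expensive first; an empty list means the bill matches the code."""
    r = reconcile(rows, expected_models)
    alerts = []
    if r.foreign_share > max_share:
        for model, cost in sorted(r.foreign_cost.items(), key=lambda kv: -kv[1]):
            alerts.append(f"{model}: ${cost:,.2f} billed, first usage {r.foreign_first_seen[model]}, "
                          f"never requested by this project")
    if r.unmapped_cost:
        alerts.append(f"${r.unmapped_cost:,.2f} on SKUs that name no model; check those line items by hand")
    return alerts


if __name__ == "__main__":
    result = reconcile(SAMPLE_ROWS)
    print(f"total ${result.total_cost:,.2f}, expected ${result.expected_cost:,.2f}, "
          f"foreign share {result.foreign_share:.1%}")
    for line in foreign_usage_alerts(SAMPLE_ROWS):
        print("ALERT", line)
```

The earliest usage_start_time per foreign model gives the start of the incident window to hand to support, and the foreign share is the number to put in a refund request. Note what this does not answer: the export carries SKU and cost, not the caller, so it tells you what and when, not who; variants such as Flash-Lite would need the regex extended before they are classified correctly.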
Yes, I’m looking at a bill of $6,909 for calls to GenerativeLanguage.GenerateContent over about a month, none of which I made. I had quickly created an API key during a live Google training session. I never shared it with anyone and it’s not pushed to any public (or private) repo or website. Whoever got hold of it made over a billion requests, 99% of which returned 429 errors. 429s are not supposed to be billed, so the $6k+ is a result of the 1% of calls which succeeded.
Generally, any usage on an account that was not caused by a direct error on Google’s side is technically considered “valid usage” even if the activity was unintended by you. A specialized team has raised a consultation with the Product Team. They are currently conducting a deeper investigation to clarify the specific usage details and ensure our findings are completely accurate. I have explicitly requested them to check if we can retrieve request headers or originating IP addresses that could help you identify how the key was being utilized…

Our specialized team investigation concluded that no leaked API keys were detected in your project…

* The key was not found in public repositories (a standard “leak” check), but they did not provide specific details on the methodology used to reach that conclusion. I understand that this lack of detail is frustrating and leaves your questions about the validity of the traffic unanswered.
I can no longer trust Google APIs. I made the mistake during a live training session of not properly restricting the API key, and didn’t catch the high usage in the cloud console until it added up to thousands. Even after I disabled the API, another $2k+ registered. It was just for a quick test and I never used it again personally.
This is actually alarming. I have contacted support, and at first they pretended that they did not understand the issue. After an hour of useless talks, they agreed to compensate a fraction of the costs, but still have not admitted the erroneous charges. I think I have to stop using the API for my projects since it is a totally uncontrollable and useless instrument draining my money. Not to mention the huge number of bad requests and the bunch of errors that have been happening lately.