Veo video generation returns 403 PERMISSION_DENIED on paid Tier 1 despite prepaid credit and correct key setup

Since the evening of July 16, 2026 (CEST), almost every Veo video generation request in Google AI Studio fails for my project, while the same setup worked earlier that day.

Setup: Tier 1 (paid), AI Studio prepaid billing (credit topped up on July 16; ample balance remains). API key created July 16 via AI Studio, bound to its service account, restricted to the Gemini API only, no application restrictions, linked as paid key in AI Studio.

What worked: On July 16 (~18:38-20:08 CEST), 5 billable Veo Fast requests (8 s, 720p) completed successfully and were charged correctly. The AI Studio rate-limit page shows peak usage 5/10 RPD, so the daily limit was NOT exhausted. On July 17, exactly two further requests were accepted (~09:25 and ~13:00 CEST) - everything in between and afterwards is denied.

What fails: AI Studio shows “Failed to generate video: permission denied. Please try again.” Network response: POST …/MakerSuiteService/GenerateVideo → HTTP 403, body [7,"The caller does not have permission"]. Tested on July 17 over ~5 hours (about 15 spaced attempts) with veo-3.1-generate-preview, veo-3.1-fast-generate-preview and veo-3.1-lite-generate-preview - all fail identically. Nothing is charged for the failed attempts.

Troubleshooting already done (no effect): verified billing active with sufficient prepaid balance; verified the key is linked as paid key; unlinked and re-linked the paid key; checked key restrictions and restricted a legacy unrestricted key in the same project per the forum banner guidance; temporarily granted the bound service account roles/owner (no effect, removed afterwards); checked the Cloud audit log (no IAM/key/billing changes between last success and first failure); daily quota not exhausted; requests also fail right after the Pacific-midnight quota reset.

The pattern (single requests succeeding every 1.5-3.5 hours, everything else denied with PERMISSION_DENIED rather than RESOURCE_EXHAUSTED) looks like an automated abuse/velocity flag on a newly upgraded paid account. Could someone from Google please check whether my project/account is flagged and restore normal access? I am happy to share the project number and billing details privately with Google staff.