Google API keys weren’t secrets, but then Gemini changed the rules
New Webinar: Google API Keys Weren’t Secrets. But then Gemini Changed the Rules.TRUFFLEHOGCUSTOMERSCOMPANYRESOURCESLOG INContact UsNew Webinar: Google API Keys Weren’t Secrets. But then Gemini Changed the Rules.Joe LeonThe DigFebruary 25, 2026Google API Keys Weren’t Secrets. But then Gemini Changed the Rules.Google API Keys Weren’t Secrets. But then Gemini Changed the Rules.Joe LeonFebruary 25, 2026tl;dr Google spent over a decade telling developers that Google API keys (like those used in Maps, Firebase, etc.) are not secrets. But that’s no longer true: Gemini accepts the same keys to access your private data. We scanned millions of websites and found nearly 3,000 Google API keys, originally deployed for public services like Google Maps, that now also authenticate to Gemini even though…
