A Mexican developer on a three-person team accidentally exposed their Google Gemini API key, and attackers exploited it to generate an $82,000 bill in 48 hours. The team is now disputing the charge with Google amid criticism of shared-responsibility policies and of Google Cloud's lack of hard spending quotas, which left them financially liable.
Key points
- Accidental public exposure of a Google Gemini API key led to malicious scraping and misuse.
- A typical $180 monthly bill escalated to $82,000 within 48 hours due to unauthorized requests.
- Google cited the shared responsibility model and declined to cancel the invoice.
- Google Cloud lacks strict, hard spending quotas that would automatically stop runaway charges.
- Developers should verify quota protections and secure API keys before deploying cloud-based AI services.