Truffle Security recently reported that, depending on certain GCP configurations, existing public keys can now be used to access the Gemini API, potentially allowing access to sensitive data or allowing financial DOS attacks: https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules This issue happens when:1 – A GCP Project has at least one existing key that is published somewhere (E.g., firebase or…
GCP: A script to list existing API Keys in your organization with Gemini access
Posted on