Google Cloud API Keys Compromised: Customers Hit With Tens of Thousands in Unauthorized AI Workload Bills
A growing number of Google Cloud customers are fighting for refunds after discovering their API keys were compromised and exploited to run costly artificial intelligence inference workloads, leaving them responsible for bills totaling tens of thousands of dollars. The exposed keys were allegedly used within minutes to access Google's most expensive video and image generation models, including Nano Banana and Veo 3. Victims report weeks of disputes with Google as they attempted to prove they did not authorize the charges.
The compromised accounts follow a consistent pattern: customers who for years paid modest monthly fees, primarily for services like Google Maps, suddenly found their credentials harvested and used for compute-intensive AI tasks. The common entry point appears to be API keys inadvertently posted to public code repositories, a long-standing security misconfiguration that has become increasingly costly as AI model pricing has escalated. Google acknowledged the issue but characterized it as an industry-wide problem rather than a vulnerability specific to its platform. The company stated that the majority of incidents stem from exposed user credentials rather than breaches of its own systems.
The incident highlights the financial exposure hidden in poorly managed API credentials, particularly as organizations adopt metered AI services with per-call pricing structures. Security researchers have long warned that API keys, if leaked, can translate directly into financial liability because attackers can immediately pivot to expensive compute operations. For affected customers, the dispute raises questions about the adequacy of Google's notification systems and whether sufficient safeguards exist to detect and halt anomalous billing spikes before costs spiral beyond reach.
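The kind of spend-spike check the closing paragraph calls for, written here as an added illustration rather than any Google tooling: a trailing-median baseline over per-day, per-service cost records flags both a sudden jump in total spend and the first appearance of a service the account has never billed before. The service labels and dollar figures are constructed sample data.

```python
"""Flag anomalous daily API spend against a trailing baseline.

Added example, not Google's code. The records below are constructed
sample data shaped like a per-day, per-service cost export."""
from statistics import median

# Constructed sample: years of modest Maps-only usage, then a sudden
# spike on generative-media services (hypothetical service labels).
SAMPLE_SPEND = [
    ("2024-06-01", {"maps": 0.40}), ("2024-06-02", {"maps": 0.35}),
    ("2024-06-03", {"maps": 0.42}), ("2024-06-04", {"maps": 0.38}),
    ("2024-06-05", {"maps": 0.41}), ("2024-06-06", {"maps": 0.39}),
    ("2024-06-07", {"maps": 0.37}), ("2024-06-08", {"maps": 0.44}),
    ("2024-06-09", {"maps": 0.36}), ("2024-06-10", {"maps": 0.40}),
    ("2024-06-11", {"maps": 0.38, "video_generation": 4200.0,
                    "image_generation": 950.0}),
    ("2024-06-12", {"maps": 0.40, "video_generation": 6100.0}),
]


def baseline(history, window=7):
    """Median of the last `window` daily totals; the median keeps one
    already-anomalous day from inflating the next day's baseline."""
    totals = [sum(day.values()) for _, day in history[-window:]]
    return median(totals) if totals else 0.0


def detect_anomalies(records, multiplier=10.0, floor=5.0, window=7):
    """Return one alert per day whose total exceeds max(floor, multiplier *
    baseline) or that bills a service never seen before in the history.
    `floor` stops a near-zero baseline from turning cents into alerts."""
    alerts, seen_services = [], set()
    for i, (date, day) in enumerate(records):
        total = sum(day.values())
        new_services = set(day) - seen_services
        threshold = max(floor, multiplier * baseline(records[:i], window))
        # Skip the first day: there is no history to compare against.
        if i > 0 and (total > threshold or new_services):
            alerts.append({"date": date, "total": round(total, 2),
                           "threshold": round(threshold, 2),
                           "new_services": sorted(new_services)})
        seen_services |= set(day)
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(SAMPLE_SPEND):
        print(alert)
```

In practice the alert would feed a billing cap or key-disable action rather than just a log line; the check is deliberately cheap so it can run on every daily cost export.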