VYPR
Advisory · Published May 21, 2026 · Updated May 22, 2026 · 3 sources

Google API Keys Remain Usable for 23 Minutes After Deletion, Researchers Warn

Aikido researchers found that Google API keys stay valid for up to 23 minutes after deletion due to slow propagation, allowing attackers to run up charges, exfiltrate Gemini data, and exploit auto-billing tier upgrades.

Security researchers at Aikido have discovered that Google API keys remain usable for up to 23 minutes after a user believes they have been deleted, creating a dangerous window for attackers to abuse compromised credentials. In a series of tests across three Google Cloud regions, the team found that key revocation propagates unevenly across Google's infrastructure, with some servers accepting a deleted key for nearly half an hour while others reject it in seconds. This delay, combined with Google's automatic billing tier upgrades, can lead to devastating financial losses for developers.

The propagation gap means an attacker holding a leaked key can repeatedly send requests until one reaches a server that hasn't yet processed the deletion. "From the time a user deletes the Google API key to when it can no longer be used propagates gradually across Google's infrastructure," said Joseph Leon, a security researcher at Aikido. During the window, attackers can run up compute charges, and if Gemini is enabled on the project, they can dump files uploaded to the AI model and exfiltrate cached conversations. Aikido observed minutes where over 90% of requests still authenticated, giving attackers high chances of successful exploitation.

The research highlights a compounding issue with Google's billing policies. In April, Google reworked its billing system to include automatic spending tier upgrades. For users who have been active for more than 30 days and have spent over $1,000, the spending cap can jump from $250 to $100,000 without explicit consent when usage spikes. Developers whose API keys were stolen reported receiving five-figure bills within minutes of the breach. The Register brought three such cases to Google's attention, and the company issued refunds totaling $154,000.

Aikido tested the revocation window across 10 trials over two days, sending three to five authenticated requests per second after deleting a key. The average window was 16 minutes, with a worst-case of nearly 23 minutes. Interestingly, virtual machines farther from the U.S. detected the deletion faster than those closer, a pattern the researchers could not fully explain but attributed to region-specific infrastructure or routing differences. The same behavior was observed with keys scoped to BigQuery and Maps, not just Gemini.

Google has already demonstrated faster revocation for other credential types. Service account API credential revocations propagate in about five seconds, and Gemini's newer API key format (starting with AQ) propagates in about one minute. "Both run at Google scale. Both suggest this is technically solvable for Google API keys, too," Leon wrote in the paper. However, Google told Aikido it has no plans to fix the 23-minute gap, closing the report as "Won't Fix (Infeasible)" with the comment that "the delay due to propagation of the deletion of these keys is working as intended."

The findings echo a similar issue disclosed in December involving AWS keys, where a four-second window after deletion allowed attackers to create new credentials. "Four seconds was enough to matter on AWS," Leon noted. The research underscores the broader challenge of credential revocation at cloud scale, where consistency and speed can lag behind user expectations. For developers, the advice is clear: treat a leaked API key as immediately dangerous even after deletion, and consider rotating credentials aggressively.

Google has not yet responded to The Register's request for comment. Until a fix is implemented, developers are urged to monitor billing dashboards, set hard spending limits where possible, and use newer key formats that propagate faster. The incident also reinforces the importance of least-privilege access and short-lived credentials, especially for services tied to AI models like Gemini that can expose sensitive data beyond just compute costs.

Dark Reading's interview with researcher Joe Leon adds new detail: the revocation window varies significantly by GCP region, with VMs in asia-southeast1 showing only 22% authentication success after one minute versus 49% in us-east1 and europe-west1, a pattern Leon attributes to complex request routing rather than simple geographic proximity. Leon also notes that Google's newer Gemini API key format revokes in about one minute and service account deletions propagate in five seconds, suggesting the 23-minute window for standard API keys is technically solvable but remains unfixed.
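The measurements described above (a deleted key probed a few times per second, with the success rate broken down per region and per minute since deletion) can be reproduced against a defender's own probe log. The following is an added example, not Aikido's tooling or data: it assumes a simple log format of `timestamp region http_status` per probe, and the sample lines are constructed to look like such a log.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample probe log: "ISO-timestamp region http_status", one probe per line.
# Values are made up to resemble a revocation test; they are not Aikido's measurements.
SAMPLE_LOG = """\
2026-05-20T10:00:05Z us-east1 200
2026-05-20T10:00:30Z us-east1 200
2026-05-20T10:01:10Z us-east1 200
2026-05-20T10:01:40Z us-east1 403
2026-05-20T10:05:00Z us-east1 200
2026-05-20T10:16:00Z us-east1 403
2026-05-20T10:00:05Z asia-southeast1 200
2026-05-20T10:00:40Z asia-southeast1 403
2026-05-20T10:01:10Z asia-southeast1 403
2026-05-20T10:01:50Z asia-southeast1 200
2026-05-20T10:03:00Z asia-southeast1 403
"""

# Assumed moment the key was deleted in the console (constructed).
REVOKED_AT = datetime(2026, 5, 20, 10, 0, 0, tzinfo=timezone.utc)

def parse_probes(text):
    """Parse probe lines into (timestamp, region, status) tuples."""
    probes = []
    for line in text.splitlines():
        ts, region, status = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        probes.append((when, region, int(status)))
    return probes

def success_rate_by_minute(probes, revoked_at):
    """Per region and per minute since deletion, the fraction of probes that still got HTTP 200."""
    buckets = defaultdict(lambda: defaultdict(lambda: [0, 0]))  # region -> minute -> [ok, total]
    for when, region, status in probes:
        if when < revoked_at:
            continue  # pre-deletion traffic says nothing about propagation
        minute = int((when - revoked_at).total_seconds() // 60)
        ok, total = buckets[region][minute]
        buckets[region][minute] = [ok + (status == 200), total + 1]
    return {r: {m: ok / total for m, (ok, total) in sorted(ms.items())} for r, ms in buckets.items()}

def revocation_window(probes, revoked_at):
    """Seconds from deletion to the last accepted request, per region, plus the worst case overall."""
    last_ok = {}
    for when, region, status in probes:
        if status == 200 and when >= revoked_at:
            last_ok[region] = max(last_ok.get(region, revoked_at), when)
    per_region = {r: (t - revoked_at).total_seconds() for r, t in last_ok.items()}
    return per_region, max(per_region.values(), default=0.0)
```

The worst-case value is the figure to treat as the real revocation time when deciding how long a leaked key stays dangerous after deletion.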

Aikido Security's tests also showed that the revocation delay is not limited to Gemini API keys—keys scoped to BigQuery and Maps exhibited the same behavior. In contrast, Google Service Account keys and a newer Gemini-specific API key format were revoked in approximately 5 seconds and 1 minute, respectively, indicating that faster revocation is technically feasible.

Synthesized by Vypr AI