Dark Reading

Google API Keys Remain Active After Deletion

Google API keys aren't completely inactive after users delete them, giving attackers a small but significant window to continue abusing them. Joe Leon, researcher at Belgian startup Aikido Security, ...
Hosted on MSN

Experts find Google API keys are still usable, even after you delete them

Aikido researchers find Google API keys remain usable for up to 23 minutes after deletion Success rates varied across trials, with Gemini‑enabled projects especially vulnerable to stolen files and ...