Threat hunters find Google API keys still usable 23 minutes after deletion

You know your Google API key has leaked so you rush to disable it before bad actors can start running up charges on your account. Bad news: According to security researchers at Aikido, people can use ...
InfoWorld

‘Silent’ Google API key change exposed Gemini AI data

Google Cloud API keys, normally used as simple billing identifiers for APIs such as Maps or YouTube, could be scraped from websites to give access to private Gemini AI project data, researchers from ...
Tech Times

Fake Claude Code Installers on 32 Live Sites Steal Developer API Keys via Google Ads

Fake Claude Code installer malware used Google Ads to place spoofed AI tool pages above real documentation since March 2026.

Experts find Google API keys are still usable, even after you delete them

For more than 20 minutes after deletion, some Google API keys can still be used, apparently creating a major security gap.
Dark Reading

Google API Keys Remain Active After Deletion

Google API keys aren't completely inactive after users delete them, giving attackers a small but significant window to continue abusing them. Joe Leon, researcher at Belgian startup Aikido Security, ...

Google Splits Its Agent Strategy For Two Developer Audiences

Google split its agent strategy at I/O 2026, giving developers a low-friction Antigravity on-ramp that scales up to a governed enterprise tier.