Users of Google Cloud and AWS face unexpected AI charges up to $10,000 after compromised API keys and loose spending caps, sparking urgent calls for better
A developer in Australia woke to a $10,000 Google Cloud invoice despite a $250 spending limit, while a separate AWS customer reported a similar shock‑wave of AI‑related fees in the tens of thousands of dollars [2]. Both incidents stem from compromised API keys that let attackers run costly inference on the providers’ most expensive generative‑AI models without the owners’ knowledge.
Google’s trouble began when the company’s long‑standing guidance encouraged developers to expose Maps API keys publicly on front‑end code. A policy change three years ago extended those keys’ permissions to include access to Gemini, its flagship AI service. At the time, Gemini’s models were modest, but the launch of high‑cost variants such as NanoBanana and Veo 3 turned the exposed keys into a cheap gateway for abuse. Security firm Truffle warned in February that any publicly visible key configured for Gemini could be hijacked for unlimited inference, a risk many developers missed [2].
When attackers exploit these keys, they can generate massive workloads on Gemini’s premium models, which are billed at rates that quickly eclipse ordinary cloud usage. Victims often discover the abuse only after the bill spikes, because Google’s notification system surfaces the charge after the fact, not in real time. Moreover, Google’s recent spending‑cap policy, announced in March, automatically raises a user’s limit to $100,000 once they have spent just $1,000 and have been a Cloud developer for 30 days, effectively nullifying any modest caps set by the account holder [2]. For newer accounts, the cap jumps to $2,000 after a $100 spend, further widening the window for runaway costs.
AWS users face a parallel scenario. Although the Register’s coverage of the AWS case is less detailed, it describes a “massive bill” incurred without prior warning, implying that similar API key leakage or misconfiguration allowed malicious actors to tap into costly AI services on the platform [2]. Both cloud giants have been slow to provide rapid remediation or refunds, leaving affected customers to shoulder the unexpected expense.
These incidents highlight a broader vulnerability: as AI services become more lucrative, the incentive for attackers to weaponize exposed credentials grows. Cloud providers’ default security recommendations—public API keys for convenience—now clash with the high‑value nature of AI workloads. Without proactive monitoring, tighter caps, and clearer alerts, organizations risk repeated financial shocks.
The real question for enterprises is whether they will overhaul their key management practices and demand stricter spending controls, or continue to rely on default configurations that may invite costly abuse.
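One way to act on the key-management question above, as an added example that is not part of the original article or any provider's tooling: a Python audit that flags API keys able to reach Gemini while lacking API or application restrictions. The key records are constructed and shaped like Key resources from the Google Cloud API Keys API; the service names `generativelanguage.googleapis.com` and `maps-backend.googleapis.com` and the function names are assumptions of this example.

```python
import json

# Assumption: service name of the Gemini (Generative Language) API.
GEMINI_SERVICE = "generativelanguage.googleapis.com"

# Constructed sample, shaped like Key resources from the Google Cloud API Keys API.
SAMPLE_KEYS = json.loads("""
[
  {"displayName": "maps-frontend",
   "restrictions": {"browserKeyRestrictions": {"allowedReferrers": ["https://shop.example/*"]}}},
  {"displayName": "maps-frontend-locked",
   "restrictions": {"browserKeyRestrictions": {"allowedReferrers": ["https://shop.example/*"]},
                    "apiTargets": [{"service": "maps-backend.googleapis.com"}]}},
  {"displayName": "legacy-unrestricted"},
  {"displayName": "gemini-backend",
   "restrictions": {"serverKeyRestrictions": {"allowedIps": ["203.0.113.10"]},
                    "apiTargets": [{"service": "generativelanguage.googleapis.com"}]}}
]
""")

def audit_key(key, enabled_services):
    """Return a list of findings for one key; an empty list means no finding."""
    r = key.get("restrictions") or {}
    targets = {t.get("service") for t in r.get("apiTargets", [])}
    # With no apiTargets, a key can call every API enabled in its project.
    reaches_gemini = (GEMINI_SERVICE in targets) if targets else (GEMINI_SERVICE in enabled_services)
    if not reaches_gemini:
        return []
    findings = []
    if not targets:
        findings.append("no API restriction; Gemini reachable because it is enabled in the project")
    client_side = any(k in r for k in
                      ("browserKeyRestrictions", "androidKeyRestrictions", "iosKeyRestrictions"))
    if client_side:
        findings.append("key is meant to ship in client code yet can call Gemini")
    elif "serverKeyRestrictions" not in r:
        findings.append("no application restriction; usable from anywhere if leaked")
    return findings

def audit(keys, enabled_services):
    """Map displayName -> findings, keeping only keys that have at least one."""
    report = {k["displayName"]: audit_key(k, enabled_services) for k in keys}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    enabled = {"maps-backend.googleapis.com", GEMINI_SERVICE}
    for name, findings in audit(SAMPLE_KEYS, enabled).items():
        for f in findings:
            print(f"{name}: {f}")
```

In this constructed sample the front-end Maps key with no API restriction is flagged, while the same key limited to the Maps service is not.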
AI-assisted synthesis by the TrendWatcher Editorial Desk · sourced from 2 outlets · Jun 14, 2026