Researchers with Truffle Security are warning that old and seemingly benign Google API keys might now be weaponized by threat actors after gaining Gemini AI authorization permissions, in a destructive attack that could target a victim's wallet.
Nearly 12,000 live API keys were found in an AI training dataset used by various models such as OpenAI and DeepSeek, exposing services like AWS, MailChimp, and Slack to exploitation.
