A report reveals Google Cloud's API keys use the same format for public IDs and secret auth. That overlap lets public keys reach the Gemini API.
New keys default to Unrestricted. Existing keys can be retroactively granted Gemini access. Google will add scoped defaults, block leaked keys, and notify affected projects.
