| ▲ | 100ms 12 hours ago | |
This is only a little billing leakage, Operation Aurora in 2009 was 100x worse | ||
| ▲ | 827a 12 hours ago | parent [-] | |
It's actually much more than a billing leak [1]; again, most people don't know how bad this is, because Google is trying to keep it hush-hush. These keys don't just grant access to Gemini completions; they grant access to any endpoint on the generative AI google cloud product. This includes: seeing all of the files that google cloud project has uploaded to gemini, and interacting with the gemini token cache. [1] https://trufflesecurity.com/blog/google-api-keys-werent-secr... | ||