Enterprise DNA

Omni by Enterprise DNA

Enterprise DNA Resources

Latest AI and industry news. Practical AI operating-system thinking for owners, operators, and teams doing real work.

220k+

Data professionals

Omni

AI agents and apps

Audit

Map the manual work

News Trending AI News

Deleted Google AI API Keys Stay Active for 23 Minutes

Security researchers found deleted Google API keys still work for up to 23 minutes, a gap that affects Gemini, BigQuery, and Maps APIs.

Enterprise DNA | | via The Register
Deleted Google AI API Keys Stay Active for 23 Minutes

When a security breach happens and an API key is compromised, the standard response is simple: delete the key immediately and move on. According to new research from security firm Aikido, that response has a flaw — at least when it comes to Google’s APIs. Deleted keys keep working for up to 23 minutes.

The finding, published by Aikido researchers and widely reported across the security press starting May 21, 2026, has uncomfortable implications for any business using Google’s AI tools, data infrastructure, or mapping services.

What Aikido Found

Researchers ran 10 trials over two days. Each time, they created a Google API key, deleted it, and then fired authenticated requests at three to five per second until the key stopped being accepted. The results were unsettling: some servers rejected the key almost immediately, while others kept accepting it for up to 23 minutes. The median revocation lag was around 16 minutes.

The root cause is infrastructure propagation. Google’s systems don’t instantly replicate key deletions across every server. Some nodes catch up quickly, others take much longer. The result is that an attacker holding a stolen key has a meaningful window of continued access, even after the victim believes the threat is neutralised.

APIs confirmed to be affected include Gemini (Google’s AI platform), BigQuery (its enterprise data warehouse), and Google Maps — though researchers noted the same pattern appeared across other GCP services.

The Billing Twist

The research hit at a particularly awkward moment. In April 2026, Google reworked its billing tier system for API usage. The change was framed as a cost-management feature, but it introduced an automatic escalation: if your account has been active for more than 30 days and has spent more than $1,000 in total, Google can silently upgrade your spending cap from $250 up to $100,000 when usage spikes.

Combine that with a 23-minute window of continued key access, and a compromised credential becomes a much more expensive problem than it first appears. An attacker with a deleted key could not only exfiltrate data — Gemini caches uploaded files and conversations — they could also trigger the billing escalation and run up significant charges before the deletion fully propagates.

Google’s Response

Google’s initial response to Aikido’s report was to close it as “Won’t Fix (Infeasible)” with a note that the propagation delay “is working as intended.” That created a predictable backlash from the security community.

By May 22, 2026, Google had reversed course. The report was re-opened and reclassified as a P0 bug — the highest internal severity level. No timeline for a fix has been announced, but the shift from “working as intended” to emergency priority is significant.

What This Means for Business

Most businesses using Google’s AI tools treat API key management as a fairly low-stakes administrative task. This research changes that calculus.

If you’ve had a key compromised, the immediate response needs to be more than deletion. The standard playbook — rotate the key, delete the old one, done — leaves a window open. Security teams should treat deletion as the start of a 30-minute lock-down period, not an instant fix. During that window, monitor for anomalous API calls and consider billing alerts.

For businesses using Gemini for AI workloads, the file exfiltration risk is worth taking seriously. Gemini caches uploaded files and conversation context. A compromised key in that 23-minute window could expose data that companies assume is protected by access controls.

For data teams using BigQuery, the concern is both data access and billing. A malicious actor with a recently-deleted key could run expensive queries before propagation catches up.

The broader lesson is that API security in a cloud AI environment isn’t just about access controls — it’s also about understanding the propagation latency of your vendor’s infrastructure. Most cloud providers have some version of this lag, but few have it tested and published as explicitly as Aikido did here.

Practically, the recommendations from researchers are straightforward: treat deleted keys as potentially still active for at least 30 minutes, set billing alerts that trigger well below your cap, and audit what data is cached under any compromised credential before assuming the incident is closed.

This is the kind of operational security detail that rarely makes it into vendor documentation. For teams scaling AI workloads on Google’s stack, it’s worth adding to your incident response checklist now, before the fix arrives.