Google API Keys Remain Active for Up to 23 Minutes After Deletion, Researchers Warn

Saran K | May 22, 2026 | 4 min read


The 23-Minute Window

When a developer realizes an API key has been leaked, the immediate instinct is to delete it. For most, that action signals the end of the threat. However, new research from security firm Aikido suggests that hitting ‘delete’ on a Google API key is more of a request than an immediate command, leaving a window of vulnerability that can stretch for nearly half an hour.

According to Joseph Leon, a security researcher at Aikido, Google API keys can remain functional for up to 23 minutes after they have been officially revoked. This delay is caused by propagation lag—the time it takes for the instruction to delete the key to reach every server across Google’s global infrastructure. During this interval, an attacker can continue to send authenticated requests, hitting servers that haven’t yet received the update.

In a series of trials conducted over two days, Aikido researchers created and deleted keys, then flooded the system with requests at a rate of three to five per second. The results showed a wildly unpredictable success rate: in some minutes, over 90% of requests still authenticated; in others, fewer than 1% did. For a sophisticated attacker, this inconsistency is an invitation to send high volumes of traffic to maximize the chances of hitting a non-updated server.

More Than Just a Billing Problem

While the most immediate fear for many developers is a sudden, massive bill, the security implications go deeper. Leon notes that if the compromised key provides access to Gemini, the window allows attackers to exfiltrate cached context and pull sensitive files that were uploaded to the AI model.

The financial risk is amplified by Google’s own billing architecture. In April, Google introduced spending tiers designed to limit costs, but the system includes a mechanism that can automatically upgrade a user’s spending tier without explicit notification. For accounts older than 30 days with a lifetime spend exceeding $1,000, a spending cap can jump from $250 to $100,000 if usage spikes suddenly.

This creates a ‘perfect storm’ for credential theft. Reports have emerged of developers facing five-figure bills within minutes of a leak, as attackers leverage high-compute models like Veo 3 and Gemini Nano. In three specific instances brought to light by reporting from The Register, Google eventually issued refunds totaling $154,000, but for many, the stress of watching thousands of dollars vanish in real time remains a significant deterrent.

A Question of Engineering Priority

The propagation delay isn’t universal across all Google services, which suggests the issue is not an insurmountable technical limitation. Leon’s research found that Google service account API credentials typically propagate in about five seconds, and the newer ‘AQ’ format keys for Gemini propagate in roughly one minute.

Aikido tested these findings across three global regions—the US East Coast, Western Europe, and Southeast Asia. Interestingly, the researchers found that VMs further from the US actually picked up the deletion faster, though they noted that Google’s routing is too complex to draw a definitive conclusion about regional server affinity.

Google’s Stance

When presented with the findings, Google reportedly declined to implement a fix. According to Leon, the company closed the report as ‘Won’t Fix (Infeasible),’ stating that the propagation delay for these specific keys is ‘working as intended.’

This response highlights a tension between cloud provider efficiency and user security. While a 23-minute window may be an acceptable trade-off for Google’s global scale and caching architecture, it leaves developers in a precarious position where the primary tool for mitigating a leak—deletion—is fundamentally delayed.
