Experts find Google API keys are still usable, even after you delete them

For more than 20 minutes after deletion, some Google API keys can still be used, apparently creating a major security gap.
Cybernews

Google Cloud developers going bankrupt over Gemini API key abuse: hard spending caps now available

Developers are being hit with massive, unexpected charges, sometimes over $67,000, because Google’s budget alerts and fraud ...
cybernews

Google API keys keep working for up to 23 minutes after you delete them

When Gemini users delete Google API keys, those keys remain active for up to 23 minutes, giving attackers time to abuse them to dump data, cache conversations, and make API calls. Google “won’t fix” ...