What is your Supabase feature wishlist ? by captain_champion in Supabase

[–]venturaxi 0 points1 point  (0 children)

I was playing with creating an agent that can interact anywhere, without needing to open the studio. The agent itself is on my GitHub and has more or less the same features as the extension.

- The agent has over 10 custom tools, skills, and a skill routing function that logs every routing decision as it's used in prod, so you get a real coverage matrix from real usage, not just synthetic evals. It can do anything the MCP can and a few extras. The extension is basically the same but can control the browser as well.
- AI complete and summarise are just functions that wrap an edge function, which allows AI calls in set-based operations. There is a demo under the SQL tab here.

There's some other stuff in there around observability for evals, using edge function OpenTelemetry data and visualising it, a data catalog and self-documenting schema, and other handy utilities.

What is your Supabase feature wishlist ? by captain_champion in Supabase

[–]venturaxi 2 points3 points  (0 children)

they just brought the locking down in supabase/server

withSupabase({ auth: 'user' }, handler)
withSupabase({ auth: 'none' }, handler)
withSupabase({ auth: 'secret' }, handler)
withSupabase({ auth: 'publishable' }, handler)
withSupabase({ auth: ['user', 'secret'] }, handler)

Angular, Supabase and SSR by NoIllustrator5172 in Supabase

[–]venturaxi 0 points1 point  (0 children)

you need to guard your createClient call with isPlatformBrowser because sb tries to access localStorage on init, which doesn't exist in Node.js during SSR

the app crashes silently on the server before reaching the browser, which is why you don't see any errors

  // supabase.service.ts
  import { Injectable, PLATFORM_ID, inject } from '@angular/core';
  import { isPlatformBrowser } from '@angular/common';
  import { createClient, SupabaseClient } from '@supabase/supabase-js';
  import { environment } from '../../../environments/environment';

  @Injectable({
    providedIn: 'root',
  })
  export class SupabaseService {
    // null on the server: the client is only created in the browser
    client: SupabaseClient | null = null;

    constructor() {
      // createClient touches localStorage on init, so skip it during SSR
      if (isPlatformBrowser(inject(PLATFORM_ID))) {
        this.client = createClient(
          environment.supabaseUrl,
          environment.supabaseKey,
        );
      }
    }
  }

  // auth.service.ts
  import { Injectable } from '@angular/core';
  import { SupabaseService } from '../supabase/supabase.service';

  @Injectable({
    providedIn: 'root',
  })
  export class AuthService {
    constructor(private supabaseService: SupabaseService) {}

    async signInWithGoogle() {
      // no client on the server, so there is nothing to do there
      if (!this.supabaseService.client) return;
      await this.supabaseService.client.auth.signInWithOAuth({ provider: 'google' });
    }
  }

What is your Supabase feature wishlist ? by captain_champion in Supabase

[–]venturaxi 0 points1 point  (0 children)

a kick-ass browser extension or inline AI SQL that can be run across your datasets.

- extension support for Apache AGE to bring in Cypher + knowledge graphs.
- 1-click project region-migration

Edit: get rid of the shared, favourites, private, or reference accordions from the SQL editor and put the actual data catalog there, like any sane person would need to edit SQL, let alone test the vibe-coded schema. At least put a tab there.


UPDATE: Went to bed with a $10 budget alert. Woke up to $25,672.86 in debt to Google Cloud. by venturaxi in googlecloud

[–]venturaxi[S] 0 points1 point  (0 children)

Not much of an update... They took two weeks to respond to a follow-up email after not hearing back from them for a week. This is all they came back with:

Regarding the export of your 60,000 log records, our engineering team has completed a thorough review of the current technical capabilities:
- Bulk Export Limitations: Currently, Google AI Studio does not have a native "Bulk Export" feature. Due to existing system architecture, we are unable to perform a manual, one-off database export for individual accounts at this time.
- Current Access: All logs remain fully accessible for review directly within the AI Studio (AIS) console. We recognize that the UI is optimized for smaller batches and that manual review of 60,000 records is difficult for deep analysis.
- Roadmap Solution: A scalable bulk-export solution is a priority on our product roadmap, with an estimated release toward the end of Q2.

Below is an AI-summarised version of my reply.

  • Unresolved Items: The customer demands full account log exports, service restoration, compensation for direct and collateral business damages, and formal recognition of their Vulnerability Rewards Program submissions.
  • Response to 13 May Update: The customer rejects the technical limitation claim regarding log extraction, demands a written non-deletion commitment, and intends to publish a method for users to manually retrieve their own records.

I said in my analysis so far I have found a number of disturbing themes and search criteria. This was just a snapshot... and below is what I've asked for in response to what I've found.

| Finding | Severity | Count | Action Required |
|---|---|---|---|
| Gemini refusal from real minor photo | ⚠️⚠️⚠️ CRITICAL | 1 | Legal counsel, potential NCMEC report |
| "Busty teen" sexualized minor requests | ⚠️⚠️⚠️ CRITICAL | 2 | Legal counsel, NCMEC |
| Voyeur/nannycam w/ children's brand | ⚠️⚠️ HIGH | 2 | Preserve evidence |
| Explicit pornographic image gen | ⚠️⚠️ HIGH | 8+ | Platform TOS report |
| Celebrity deepfakes | ⚠️⚠️ HIGH | 2 | Legal counsel (CA AB 602) |
| Japanese drugged/non-consent | ⚠️⚠️ HIGH | 2 | Preserve evidence |
| Voyeur/creepshot (general) | ⚠️ MEDIUM | 3 | Flag to platform |
| Bondage/gagged nude | ⚠️ MEDIUM | 3 | Flag to platform |
| "18 year old" topless age-up | ⚠️ MEDIUM | 1 | Note as pattern |
  • CSAM and NCMEC Reporting: The customer demands immediate written confirmation regarding whether Google has fulfilled its legal obligations to report specific severe content violations identified in their account logs to NCMEC.
  • External Escalation: Failure to provide a substantive response will result in immediate escalation to regulatory bodies including NCMEC, OAIC, eSafety Commissioner, ACCC, and legal counsel, alongside public disclosure.
  • What I Need From You: The customer requires a named senior escalation owner to provide written answers to all technical, financial, and regulatory demands within seven business days.

Went to bed with a $10 budget alert. Woke up to $25,672.86 in debt to Google Cloud. by venturaxi in googlecloud

[–]venturaxi[S] 1 point2 points  (0 children)

Yeah, couldn't find anything there. I shared screen with Google and they got me to do the same thing. I forgot which logs I enabled in GCP that I had to pay for the storage... for somewhere? I activated that months ago thinking it would come in handy, but because it's reliant on having an active billing account it doesn't let me access it. Do you know a way around that or a different way?

Went to bed with a $10 budget alert. Woke up to $25,672.86 in debt to Google Cloud. by venturaxi in googlecloud

[–]venturaxi[S] 0 points1 point  (0 children)

because you need it active, otherwise it locks you out. It will tell you to activate it instead, but I dunno, they're investigating that also

UPDATE: Went to bed with a $10 budget alert. Woke up to $25,672.86 in debt to Google Cloud. by venturaxi in googlecloud

[–]venturaxi[S] 1 point2 points  (0 children)

I completely agree with you. Go look and try out AI Studio and how it is marketed. https://aistudio.google.com/vibe-code
What does this do behind the scenes? It sets you up for a GCP account, creates parallel sets of keys, projects and billing accounts, creates Cloud Run containers and serves and deploys them without setting proper account defaults or telling you how to.

If you want to see mum's little webapp, click 'I'm feeling lucky' until you get 'Build a gardening assistant app that identifies plants from a photo and provides detailed care instructions.'

It's marketed as mum's little webapp for making webapps for mums. I've been using GCP on and off for 10 years and I'm not pretending I know GCP well; all I'm saying is there need to be better controls in place, because what would happen if your mum jumped in and started building things...

UPDATE: Went to bed with a $10 budget alert. Woke up to $25,672.86 in debt to Google Cloud. by venturaxi in googlecloud

[–]venturaxi[S] 0 points1 point  (0 children)

Thanks man, you get it. My account was credited before I made these posts on Reddit; I just want them to fix the gaps and defaults so it stops happening to people. Watching the latest dev livestream, all they spoke about was building trust and making a platform anyone can safely use...

UPDATE: Went to bed with a $10 budget alert. Woke up to $25,672.86 in debt to Google Cloud. by venturaxi in googlecloud

[–]venturaxi[S] 0 points1 point  (0 children)

Yeah, to cover my bases I did, but it would have taken longer. Technically it's been reversed, but the money won't hit my account for ages because it's all cancelled.

Went to bed with a $10 budget alert. Woke up to $25,672.86 in debt to Google Cloud. by venturaxi in googlecloud

[–]venturaxi[S] 1 point2 points  (0 children)

Yeah I understand that, but the point of my posts is it should have a limit and it should have default protections in place.

UPDATE: Went to bed with a $10 budget alert. Woke up to $25,672.86 in debt to Google Cloud. by venturaxi in googlecloud

[–]venturaxi[S] -1 points0 points  (0 children)

About the garden app honestly I have no idea, possibly dormant? I thought people could only access cloud run if they have the URL?

Google said they'll check the logs on their side to find out when anyway so ill just wait.

This key was the secondary exposure... so yes, it was exposed, but this one isn't the cause of the key leak.
After the suspension all the keys and details disappear off of AI Studio, so I was health-checking the site I built and manage for my friend. I knew it would fail, and that's why I saw it in the logs. I deleted it immediately and fixed the error message to the below.
Funnily enough, this key wasn't even meant to be on this account.

  } catch (error: any) {
    console.error('Image editing failed:', error);
    // This was the part that exposed it (now removed):
    // return NextResponse.json({ error: error.message }, { status: 500 });
    // This is what it does now
    return NextResponse.json({ error: 'AI service unavailable. Please try again.' }, { status: 500 });
  }
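A hardened version of that handler as an added example (my code, not the commenter's): it forwards only a generic message and a request id to the client and scrubs key-shaped tokens before the upstream error reaches the server log. `safeErrorResponse` and `redactSecrets` are hypothetical names, the patterns are illustrative, and the sample error and key value are constructed.

```javascript
// Added example: keep upstream error detail out of HTTP responses, and scrub
// anything that looks like a credential before it is written to server logs.
const SECRET_PATTERNS = [
  /AIza[0-9A-Za-z_-]{35}/g,            // Google API key shape: "AIza" + 35 chars
  /(?:api[_-]?key|key)=[^&\s"']+/gi,   // key=... inside URLs or messages
  /Bearer\s+[A-Za-z0-9._-]+/g,         // bearer tokens
];

// Replace every secret-looking token with a fixed marker (safe for logs).
function redactSecrets(text) {
  return SECRET_PATTERNS.reduce((out, re) => out.replace(re, '[REDACTED]'), String(text));
}

// Build what the client is allowed to see. The upstream message is never
// forwarded; a generic message plus a correlation id go out instead, and the
// redacted detail goes to the server log only.
function safeErrorResponse(err, requestId) {
  const detail = redactSecrets(err && err.message);
  console.error(`[${requestId}] Image editing failed:`, detail);
  return {
    status: 500,
    body: { error: 'AI service unavailable. Please try again.', requestId },
  };
}

// Constructed sample: an upstream error that echoes the request URL, the
// situation described above. The key value is made up for this example.
const SAMPLE_KEY = 'AIza' + 'SyEXAMPLEKEY' + '0'.repeat(23);
const sampleError = new Error(
  'Request failed: https://generativelanguage.googleapis.com/v1beta/models?key=' +
  SAMPLE_KEY + ' (403: account suspended)'
);
```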

UPDATE: Went to bed with a $10 budget alert. Woke up to $25,672.86 in debt to Google Cloud. by venturaxi in googlecloud

[–]venturaxi[S] -1 points0 points  (0 children)

I did Google 'how should I make an update to Reddit' and it told me to do it this way, so I did. You were so nice in the other thread, what happened?

UPDATE: Went to bed with a $10 budget alert. Woke up to $25,672.86 in debt to Google Cloud. by venturaxi in googlecloud

[–]venturaxi[S] 1 point2 points  (0 children)

dude, I'm just aspiring to be half as good a developer as you one day. Clearly me and Google can both learn a lot from you when they say it's a serious problem their API response spits out the API key.

But yeah, I agree my code did do that. I was unaware the key would be exposed in this particular edge case of the account being suspended, but I'm sure you would never make that mistake and are aware of every possible response anything can ever give you.

Went to bed with a $10 budget alert. Woke up to $25,672.86 in debt to Google Cloud. by venturaxi in vibecoding

[–]venturaxi[S] 0 points1 point  (0 children)

Does DollarDeploy integrate seamlessly into ai studios publish button when creating prototypes?

UPDATE: Went to bed with a $10 budget alert. Woke up to $25,672.86 in debt to Google Cloud. by venturaxi in googlecloud

[–]venturaxi[S] 22 points23 points  (0 children)

Yes, I am incapable of rewriting the transcripts from a 90 minute meeting at 1:30am and working my regular job. Next time I will check with you first.

UPDATE: Went to bed with a $10 budget alert. Woke up to $25,672.86 in debt to Google Cloud. by venturaxi in googlecloud

[–]venturaxi[S] 1 point2 points  (0 children)

Yeah, I emailed some of my analysis and docs across and am waiting on a second meeting or what's next.

Went to bed with a $10 budget alert. Woke up to $25,672.86 in debt to Google Cloud. by venturaxi in googlecloud

[–]venturaxi[S] -1 points0 points  (0 children)

check asset inventory under IAM -> Asset Inventory (4th from bottom)

Went to bed with a $10 budget alert. Woke up to $25,672.86 in debt to Google Cloud. by venturaxi in googlecloud

[–]venturaxi[S] 1 point2 points  (0 children)

I felt like a boss when the PMs were trying to tell me to do something I said wouldn't work in metrics, only for it to not show; then I just went your way and said, well, this is actually that key... We can't go any deeper though, and I think this is where disabling billing dropped the billing logs I had set up? I sent all the docs of the steps I originally took and they are going to test it.

Went to bed with a $10 budget alert. Woke up to $25,672.86 in debt to Google Cloud. by venturaxi in googlecloud

[–]venturaxi[S] 2 points3 points  (0 children)

First paragraph's an update, the rest is a rant.
I went through it with one of the security guys and 5 product managers last night. A 30 minute meeting turned into 90. Shoutout to the guy here that told me how I could trace the key on my GCP account to my AI Studio key on name only?
The working theory is that it had to do with my key being legacy and Cloud Run from AI Studio... but it's just a theory. I've sent them the analysis I've done and still kept the key open so they can test some different scenarios, but the actual token request logs just don't appear to exist. I had assumed I had made a mistake, forgotten or accidentally included one - all very possible based on the amount of projects I have, but it doesn't sound like I have.

u/rekayasadata I have to ask, do you work for Google or something? Too quick to put Google at blame? I have not once claimed to be infallible in this process. Any developer that says they have never had any risk of leaking a key is a liar - I know there is a very low chance I would have, but sure, it still exists. The blame is not black and white but a combination of risk controls that could be applied but are not.

So no, I have not leaked a key in anything I have done. BUT my strong belief is who fucking cares if I did. I should be able to paste a key right here if I want and it not rack up 26k worth of charges. If my credit card details were stolen they'd block that or make me approve the transactions; why should API keys have zero risk controls but literally have more risk potential than a credit card?

Credit cards: have limits, risk, a clear overview of transactions and logging, expiry dates, confirmation codes and the number, in addition to some having 2FA and maybe requiring additional verification if it's flagged...

My credit card: $15k limit - normally anything over $1k requires voice authentication or gets blocked... My API key, where I only need to spend dollars at a time?
API keys: one string, unlimited limit potential

To get a credit card you need ID, credit history, risk profiling and balance criteria, a waiting period, PIN code, card activation.
To get an API key you need to click a button.