€54k spike in 13h from unrestricted Firebase browser key accessing Gemini APIs
discuss.ai.google.dev
April 16, 2026
4 min read
🔥🔥🔥🔥🔥
64/100
Summary
A €54,000+ charge occurred within 13 hours after enabling Firebase AI Logic on a Firebase project. The spike in billing was attributed to the use of a Firebase browser key without API restrictions for Gemini requests.
Key Takeaways
- A Firebase project experienced an unexpected €54,000+ charge due to automated Gemini API requests after enabling Firebase AI Logic.
- The charges were classified as valid usage by Google Cloud support, and a request for a billing adjustment was denied.
- Google is implementing measures to disable unrestricted API keys for the Gemini API and has introduced project spend caps to help manage costs.
- New users of the Gemini API will have Auth keys generated by default for enhanced security.
Community Sentiment
Positives
- The discussion highlights a critical gap in user experience with Google Cloud, emphasizing the need for better billing alert systems to prevent financial disasters.
- The community's awareness of API key security is growing, indicating a shift towards better practices in managing sensitive information.
Concerns
- The delayed billing alerts on Google Cloud can lead to catastrophic financial consequences, demonstrating a significant flaw in their service design.
- Users express frustration over the lack of a hard spending cap, which could protect against runaway costs, revealing a major oversight in user safety features.
- There is a perception that Google’s billing system is designed to benefit the company at the expense of users, labeling it as an 'antifeature' that traps users into unexpected charges.
