Googleが「公開してOK」と案内していたAPIキーがGeminiの認証キーにもなっているせいで個人情報垂れ流し状態のウェブサイトが大量に存在
This Tweet is currently unavailable. It might be loading or has been removed.
,详情可参考夫子
an API and a user-friendly interface
:first-child]:h-full [&:first-child]:w-full [&:first-child]:mb-0 [&:first-child]:rounded-[inherit] h-full w-full
We provided Google with concrete examples from their own infrastructure to demonstrate the issue. One of the keys we tested was embedded in the page source of a Google product's public-facing website. By checking the Internet Archive, we confirmed this key had been publicly deployed since at least February 2023, well before the Gemini API existed. There was no client-side logic on the page attempting to access any Gen AI endpoints. It was used solely as a public project identifier, which is standard for Google services.