Unexpected €54k billing spike in 13 hours: Firebase browser key without API restrictions used for Gemini requests
Summary
A Google AI Developers Forum post describes a sudden €54k billing spike after enabling Firebase AI Logic and using an unrestricted Firebase browser key to access Gemini API. The incident highlights credential security risks, anomalous automated usage, delayed cost reporting, and challenges with billing adjustments. It also raises questions about safeguards beyond App Check and quotas for SMBs leveraging Gemini API in client-facing or low-code/no-code contexts.