A developer reports receiving an unexpected €54,000+ Gemini API bill within 13 hours of enabling Firebase AI Logic on an existing project. The Firebase browser API key had no API restrictions, allowing automated external actors to exploit it for Gemini requests. Budget alerts triggered with a delay, and by the time the team responded, costs had already reached €28,000. Google Cloud support denied a billing adjustment, classifying the charges as valid since they originated from the project. The post seeks guidance on safeguards beyond App Check and quotas, and asks whether any escalation path exists.

2m read time · From discuss.ai.google.dev
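
One way to audit a project for the condition described above (API keys with no API restrictions), as an added example that is not from the original post. It reads the JSON printed by `gcloud services api-keys list --format=json`; the `generativelanguage.googleapis.com` service name for the Gemini API and the sample keys are assumptions constructed for illustration.

```python
import json

# Assumption: the Gemini API's service name; extend with other billable APIs.
COSTLY_SERVICES = {"generativelanguage.googleapis.com"}
CLIENT_FIELDS = ("browserKeyRestrictions", "serverKeyRestrictions",
                 "androidKeyRestrictions", "iosKeyRestrictions")

def audit_keys(keys, costly=COSTLY_SERVICES):
    """Return (displayName, [findings]) for every key that needs attention."""
    report = []
    for key in keys:
        restrictions = key.get("restrictions") or {}
        targets = {t.get("service") for t in restrictions.get("apiTargets") or []}
        findings = []
        if not targets:
            # An empty apiTargets list means the key is not tied to any API.
            findings.append("no API restrictions: usable for any enabled API that accepts keys")
        else:
            findings += [f"allows {svc}" for svc in sorted(targets & costly)]
        if findings and not any(f in restrictions for f in CLIENT_FIELDS):
            findings.append("no application restriction")
        if findings:
            report.append((key.get("displayName", key.get("name", "?")), findings))
    return report

# Constructed sample in the shape of `gcloud services api-keys list --format=json`.
SAMPLE = json.loads("""[
 {"displayName": "Browser key (auto created by Firebase)",
  "restrictions": {"browserKeyRestrictions": {"allowedReferrers": ["example.com/*"]}}},
 {"displayName": "maps-only",
  "restrictions": {"apiTargets": [{"service": "maps-backend.googleapis.com"}]}},
 {"displayName": "backend-gemini",
  "restrictions": {"apiTargets": [{"service": "generativelanguage.googleapis.com"}]}},
 {"displayName": "legacy"}
]""")

if __name__ == "__main__":
    import sys
    # Pipe real gcloud output in, or run with no input to see the sample.
    keys = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for name, findings in audit_keys(keys):
        print(f"{name}: " + "; ".join(findings))
```

The first sample key mirrors the case in the summary: it carries a referrer restriction but no `apiTargets`, so it is still flagged.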