Comment by harsha_photon

How did a company as large as Google miss this? They’ve said they’ll only fix the leaked keys — but how are they identifying those? What if their discovery method doesn’t catch all the compromised keys? If they’re filtering based on a cutoff date (for example, before the Gemini API launch), that would only address part of the issue. What about keys created afterward that may also be affected? The default scope of new created is all APIs why is this ??