Google Cloud Platform API key revocation testing finds minutes-long post-deletion authentication
Technical Analysis
Summary
Hide ▲
Show ▼
Testing showed deleted Google Cloud Platform API keys could still authenticate for minutes after revocation, creating a post-deletion abuse window that weakens incident response. The measurements found a median 16-minute revocation lag and a maximum of 23 minutes, with region-dependent variability that makes immediate shutdown assumptions unsafe.
Related Happenings
Zealot autonomous AI cloud intrusion proof of concept
Technical Analysis
First: 23.04.2026 13:09
Last: 23.04.2026 13:09
Sources 1
About this happening:
**Palo Alto Networks Unit 42** built **Zealot**, an autonomous AI agent that successfully attacked an isolated **Google Cloud Platform** environment, showing that machine-speed ad...
Zealot autonomous AI cloud intrusion proof of concept
Technical AnalysisAbout this happening: **Palo Alto Networks Unit 42** built **Zealot**, an autonomous AI agent that successfully attacked an isolated **Google Cloud Platform** environment, showing that machine-speed ad...
Google Chrome 146 adds Device Bound Session Credentials to block session-cookie theft
Security Tool/Service
First: 09.04.2026 21:33
Last: 09.04.2026 21:33
Sources 1
About this happening:
Google has rolled out **Device Bound Session Credentials (DBSC)** in **Chrome 146 for Windows**, binding sessions to device hardware to blunt **infostealer malware** that steals s...
Google Chrome 146 adds Device Bound Session Credentials to block session-cookie theft
Security Tool/ServiceAbout this happening: Google has rolled out **Device Bound Session Credentials (DBSC)** in **Chrome 146 for Windows**, binding sessions to device hardware to blunt **infostealer malware** that steals s...
Google Android Advanced Flow adds safer APK sideloading for unverified developers
Security Tool/Service
First: 21.03.2026 16:18
Last: 21.03.2026 16:18
Sources 1
About this happening:
**Google** is rolling out **Advanced Flow** on **Android** to let power users sideload APKs from **unverified developers** with more friction and warnings, reducing the risk of **...
Google Android Advanced Flow adds safer APK sideloading for unverified developers
Security Tool/ServiceAbout this happening: **Google** is rolling out **Advanced Flow** on **Android** to let power users sideload APKs from **unverified developers** with more friction and warnings, reducing the risk of **...
Victim organization's AWS environment hit by data theft breach
Incident
First: 11.03.2026 09:31
Last: 11.03.2026 09:31
Sources 1
About this happening:
**UNC6426** breached a victim organization's **AWS environment** and escalated to **administrator access** in **less than 72 hours**, creating immediate risk of **data theft** and...
Victim organization's AWS environment hit by data theft breach
IncidentAbout this happening: **UNC6426** breached a victim organization's **AWS environment** and escalated to **administrator access** in **less than 72 hours**, creating immediate risk of **data theft** and...
Google Cloud environment entry vectors shift from credentials to third-party vulnerabilities in H2 2025
Target Trend
First: 10.03.2026 17:30
Last: 10.03.2026 17:30
Sources 1
About this happening:
Threat actors targeting **Google Cloud environments** shifted in **H2 2025** from credential abuse to **unpatched third-party vulnerabilities**, materially changing initial-access...
Google Cloud environment entry vectors shift from credentials to third-party vulnerabilities in H2 2025
Target TrendAbout this happening: Threat actors targeting **Google Cloud environments** shifted in **H2 2025** from credential abuse to **unpatched third-party vulnerabilities**, materially changing initial-access...
Timeline
-
21.05.2026 23:07 2 articles · 6d ago
Google Cloud API key revocation testing shows delayed deletion enforcement
Technical Analysis UpdateJoe Leon of Aikido Security reported that Google Cloud Platform (GCP) API keys can keep authenticating after deletion, with a median revocation window of about 16 minutes and a maximum of 23 minutes. The testing across multiple GCP regions found highly unpredictable success rates and region-dependent differences, leading Aikido to recommend a 30-minute deletion window for Google API keys. Leon also warned that if Gemini is enabled on the project, an attacker holding a deleted key could dump uploaded files and exfiltrate cached conversations, and Google reportedly closed the disclosure as "won't fix".
Show sources
- Google API Keys Remain Active After Deletion — www.darkreading.com — 21.05.2026 23:07
- Google API Keys Remain Active After Deletion — www.darkreading.com — 21.05.2026 23:07