In a plot twist nobody saw coming because they were all apparently busy looking at cat memes, a study by Truffle Security has revealed a new threat to your peace of mind: thousands of public Google Cloud API keys, lounging around like digital cats on your keyboard. Yes, these keys, meant to be project identifiers for billing purposes, are now out there networking with the wrong crowd and possibly wearing sunglasses indoors.

These AIza-prefixed keys, looking like they were ripped straight from a James Bond AI film, are embedded in client-side code to provide what else but Google-related services. But now, they’ve been spotted sneaking into Gemini endpoints, hoping to do more than just get a tan. Who knew that enabling an API could be so empowering? Certainly not the developers who trusted these keys with their digital lives.

As the tech world collectively gasps and clutches its pearls, Google is reportedly working on making these keys take a seminar on commitment and responsibility. Meanwhile, developers are advised to check if their keys are on a rebellious joyride through the Google Cloud suburbs, lest they prefer a server that’s more locked down than a teenager’s diary.