Firebase developer hit with €54,000 Gemini bill in 13 hours after misconfigured API key



Author: Alex Attinger

A developer posted to the Google AI Developers Forum on April 15, 2026 that their Firebase project incurred an unexpected €54,000+ charge within 13 hours of enabling Firebase AI Logic. The traffic appeared automated, not user-driven. Budget alerts arrived hours after spending began, and by the time the developer reacted, costs had already climbed to roughly €28,000. The final bill settled above €54,000. When the developer contacted Google Cloud support for a billing adjustment, the response treated the charges as valid usage because they originated from the project itself.

How the bill accelerated so quickly

The core issue was a Firebase browser API key without proper restrictions. Firebase documentation says API keys identify a project for quota and billing routing, not authentication. They can be included in code, but they must be restricted appropriately. This developer's key had no such limits.

When Firebase AI Logic was enabled, the project gained a client-facing Gemini endpoint. Automated traffic then used the unrestricted key to reach that endpoint. Google's documentation describes Firebase AI Logic as the production path for using Gemini in mobile and web apps, with security features intended to prevent exactly this kind of exposure. Those features were either not configured or not enforced.

Budget alerts should have acted as an early brake. Firebase says alerts notify when spend crosses thresholds, but they do not stop services automatically. Usage continues after a warning arrives. In this case, the alerts themselves arrived with a delay. That meant the project kept generating charges while the developer remained unaware.

Firebase AI Logic and key exposure

This incident sits inside a larger shift in how Google treats API key security around Gemini. Equixly's analysis points out that Gemini changed the risk profile of public Google API keys. Keys that were historically treated as safe to expose for products like Maps or Firebase can now route billable requests to AI APIs if the project has Gemini enabled and the key is not restricted to the services the app actually needs. The key still authenticates nobody; it simply tells Google which project to charge. The cost of that exposure can be immediate and large.

Google's own documentation reflects this new reality. The Firebase AI Logic production checklist now recommends several layers of control working together, not as isolated safeguards.

The controls that should have prevented this

Firebase AI Logic is designed to keep Gemini API keys server-side when used in mobile or web apps. It pairs that with a proxy service and Firebase App Check, which verifies that requests come from the authentic app. App Check enforcement can take up to 15 minutes to take effect, which is why it must be enabled before live traffic, not during an incident.

API restrictions limit which APIs a Firebase key can call. Application restrictions limit where the key can be used, matching Android package names, iOS bundle IDs, or HTTP referrer origins for web apps. Neither was configured in this case. One caveat a practitioner should keep in mind: a browser key's referrer restriction is checked against a client-supplied Referer header, so it stops casual copy-and-paste reuse but not a script that sets that header itself. That is why App Check, not the key restriction, is the control that actually ties a request to the genuine app.

What the production checklist says now

Google's production guidance for Firebase AI Logic includes several steps:

  • Use separate Firebase projects for development, testing, and production
  • Enable Firebase App Check enforcement
  • Review API key restrictions and ensure the key can call only the services the app actually needs (for Firebase AI Logic, its own API), not every API enabled on the project
  • Set application restrictions to limit where the key can be used
  • Configure budget alerts
  • Monitor token usage and requests through Firebase's AI monitoring dashboard
  • Use a stable model version rather than testing models in production
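The two restriction types described earlier (API restrictions and application restrictions) and the two checklist items that call for reviewing them are easy to check mechanically once the project's keys are exported. The following Python audit is an added example, not code from the article, from the affected developer, or from Google. It assumes the export has the shape of `gcloud services api-keys list --format=json` (API Keys API v2 field names such as `restrictions.apiTargets` and `restrictions.browserKeyRestrictions`), the three key records are constructed, the set of AI billing services is an assumed list, and the `gcloud ... api-keys update` flags in the remediation helper should be confirmed against the installed gcloud before use.

```python
"""Audit exported Google Cloud API keys for the two restrictions the article describes.

Added example, not code from the article or from Google. Input shape is assumed to
mirror `gcloud services api-keys list --format=json` (API Keys API v2 fields);
the sample records below are constructed.
"""
import json

# Constructed sample: three keys on one project, in the assumed export shape.
SAMPLE_KEYS_JSON = """
[
  {"name": "projects/123456789/locations/global/keys/aaaa-1111",
   "displayName": "Browser key (auto created by Firebase)",
   "restrictions": {}},
  {"name": "projects/123456789/locations/global/keys/bbbb-2222",
   "displayName": "Web key, restricted",
   "restrictions": {
     "apiTargets": [{"service": "firebasevertexai.googleapis.com"}],
     "browserKeyRestrictions": {"allowedReferrers": ["https://app.example.com/*"]}}},
  {"name": "projects/123456789/locations/global/keys/cccc-3333",
   "displayName": "Web key, referrer-restricted only",
   "restrictions": {
     "browserKeyRestrictions": {"allowedReferrers": ["https://app.example.com/*"]}}}
]
"""

# Services through which a key can generate Gemini charges. Assumed list:
# the Firebase AI Logic proxy API, the Gemini Developer API and Vertex AI.
AI_BILLING_SERVICES = {
    "firebasevertexai.googleapis.com",
    "generativelanguage.googleapis.com",
    "aiplatform.googleapis.com",
}

# Application-restriction fields; at most one is set on a restricted key.
APP_RESTRICTION_FIELDS = (
    "browserKeyRestrictions",
    "androidKeyRestrictions",
    "iosKeyRestrictions",
    "serverKeyRestrictions",
)

SEVERITY_ORDER = {"critical": 0, "warn": 1, "ok": 2}


def audit_key(key):
    """Classify one key record as critical / warn / ok and list why."""
    restrictions = key.get("restrictions") or {}
    api_targets = restrictions.get("apiTargets") or []
    allowed = {t["service"] for t in api_targets if t.get("service")}
    app_field = next((f for f in APP_RESTRICTION_FIELDS if restrictions.get(f)), None)

    any_api = not api_targets
    ai_reachable = sorted(allowed & AI_BILLING_SERVICES)
    findings = []
    if any_api:
        findings.append("no API restriction: key can call every API enabled on the "
                        "project, Gemini included once AI Logic is turned on")
    elif ai_reachable:
        findings.append("key can reach AI billing services: " + ", ".join(ai_reachable))
    if app_field is None:
        findings.append("no application restriction: usable from any origin, app or script")

    # critical: any automated client can reach a billable AI endpoint with this key
    # warn:     an app restriction exists but the key is not pinned to specific APIs
    # ok:       both restrictions present; App Check still has to cover the referrer gap
    if app_field is None and (any_api or ai_reachable):
        severity = "critical"
    elif any_api:
        severity = "warn"
    else:
        severity = "ok"
    return {"name": key["name"], "severity": severity,
            "app_restriction": app_field, "findings": findings}


def audit_keys(keys_json):
    """Audit a whole export; worst keys first (sort is stable within a severity)."""
    keys = json.loads(keys_json)
    return sorted((audit_key(k) for k in keys),
                  key=lambda r: SEVERITY_ORDER[r["severity"]])


def remediation_commands(key_name, service="firebasevertexai.googleapis.com",
                         referrer="https://app.example.com/*"):
    """gcloud commands to pin a browser key to one service and one origin.
    Flag names are assumed from `gcloud services api-keys update --help`;
    confirm against your installed gcloud before running them."""
    key_id = key_name.rsplit("/", 1)[-1]
    return [
        f"gcloud services api-keys update {key_id} --api-target=service={service}",
        f"gcloud services api-keys update {key_id} --allowed-referrers='{referrer}'",
    ]


if __name__ == "__main__":
    for r in audit_keys(SAMPLE_KEYS_JSON):
        print(f"[{r['severity'].upper()}] {r['name']}")
        for f in r["findings"]:
            print("   -", f)
        if r["severity"] == "critical":
            for cmd in remediation_commands(r["name"]):
                print("   $", cmd)
```

The first sample key is the state the article describes: an auto-created browser key with an empty `restrictions` object, which the audit ranks critical and pairs with the two commands that would have pinned it. The third key shows why both restrictions are needed together: a referrer restriction alone leaves every API on the project callable, and the referrer check itself is only a speed bump for a scripted client, so the audit still flags it.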

The timing of these controls matters. App Check needs enforcement before the app reaches users. Restrictions need to be in place before the key is embedded in code. Budget alerts are notifications, not circuit breakers, so they must trigger at a level low enough to catch problems before spend escalates.
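The paragraph above, like the earlier one on budget alerts, makes the point that an alert only notifies. Turning it into a brake means subscribing to the budget's Pub/Sub topic and acting on the message. The handler below is an added example, not code from the article, from the affected developer, or from Google. It assumes the notification fields Google documents for budget messages (`budgetDisplayName`, `costAmount`, `budgetAmount`, `costIntervalStart`, `currencyCode`), the event and the `RUNAWAY` figures are constructed from the numbers in the article, and `disable_billing` is a hypothetical callable standing in for the Cloud Billing API call that detaches the billing account. It goes slightly beyond the page by also deriving an average hourly spend from the notification, with the caveat that this rate is diluted over the whole billing interval.

```python
"""Turn a Cloud Billing budget notification into a brake.

Added example, not code from the article or from Google. Field names follow the
documented Pub/Sub budget notification; the event is constructed and
`disable_billing` is a hypothetical callable supplied by the caller.
"""
import base64
import json
from datetime import datetime, timezone

# Fixed "now" used by the demo and the tests (constructed).
EXAMPLE_NOW = datetime(2026, 4, 15, 13, 0, tzinfo=timezone.utc)


def parse_budget_event(event):
    """Pub/Sub delivers the JSON notification base64-encoded in event['data']."""
    return json.loads(base64.b64decode(event["data"]).decode("utf-8"))


def decide_action(notification, now, hard_stop_ratio=1.0, max_hourly_spend=None):
    """Return ('none' | 'warn' | 'disable_billing', average spend per hour).

    costAmount is cumulative since costIntervalStart, so the rate is averaged over
    the whole interval: a burst late in the month is diluted, which is one reason to
    keep hard_stop_ratio low rather than relying on the rate check alone.
    """
    cost = float(notification["costAmount"])
    budget = float(notification["budgetAmount"])
    start = datetime.fromisoformat(notification["costIntervalStart"].replace("Z", "+00:00"))
    hours = max((now - start).total_seconds() / 3600.0, 1.0 / 60)  # guard against zero
    rate = cost / hours
    if cost >= budget * hard_stop_ratio:
        return "disable_billing", rate
    if max_hourly_spend is not None and rate > max_hourly_spend:
        return "disable_billing", rate
    if cost >= budget * 0.5:
        return "warn", rate
    return "none", rate


def handle_budget_event(event, project_id, disable_billing, now=None, **policy):
    """Entry point for a function subscribed to the budget topic.

    Google resends the notification several times a day, so disable_billing must be
    idempotent. In Google's documented pattern it calls the Cloud Billing API method
    projects.updateBillingInfo with an empty billingAccountName, which stops every
    paid service on the project, not just Gemini; that call is deliberately left to
    the caller here so the example runs offline.
    """
    now = now or datetime.now(timezone.utc)
    n = parse_budget_event(event)
    action, rate = decide_action(n, now, **policy)
    if action == "disable_billing":
        disable_billing(f"projects/{project_id}")
    return {"action": action, "hourly_rate": round(rate, 2),
            "cost": n["costAmount"], "budget": n["budgetAmount"],
            "currency": n.get("currencyCode")}


def make_event(notification):
    """Wrap a notification dict the way Pub/Sub would deliver it (constructed input)."""
    data = base64.b64encode(json.dumps(notification).encode("utf-8")).decode("ascii")
    return {"data": data}


# Constructed: roughly the state the article describes when the alerts finally
# arrived, against a budget that should have been the brake.
RUNAWAY = {
    "budgetDisplayName": "ai-logic-prod",
    "costAmount": 28000.0,
    "costIntervalStart": "2026-04-01T00:00:00Z",
    "budgetAmount": 500.0,
    "budgetAmountType": "SPECIFIED_AMOUNT",
    "currencyCode": "EUR",
}

if __name__ == "__main__":
    cut = []
    result = handle_budget_event(make_event(RUNAWAY), "demo-project", cut.append,
                                 now=EXAMPLE_NOW)
    print(result, cut)
```

Two design points follow from the article. First, the hard stop is a ratio of the budget, so the budget itself must be set low for the project's real traffic; the `RUNAWAY` message is already 56 times over a €500 budget by the time it arrives, and nothing in this handler recovers spend that has already been incurred. Second, detaching billing is blunt: it takes down every paid service on the project, which is the trade a team has to decide on before, not during, an incident.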

The bill ran fast because automated traffic could hit a Gemini endpoint with a valid project key. The controls that were supposed to slow or stop that traffic were not present. And the alert system, while functioning as designed, gave the developer only limited time to react.

For developers shipping AI features through Firebase, each of these controls works with the others. No single setting is sufficient.
