{"@context":"https://neupai.io/schema/v0.2","@type":"StructuredNewsArticle","identity":{"article_id":"tech42_20260525_google-ai-security-api-key-vulnerability","canonical_url":"https://www.tech42.co.kr/%eb%a7%90-%eb%94%b0%eb%a1%9c-%ed%96%89%eb%8f%99-%eb%94%b0%eb%a1%9c-%ea%b5%ac%ea%b8%80-ai-%eb%b3%b4%ec%95%88-%ea%b0%95%ec%a1%b0%ed%95%98%eb%8d%94%eb%8b%88-%ec%8b%9c%ec%8a%a4/?utm_source=rss&utm_medium=rss&utm_campaign=%25eb%25a7%2590-%25eb%2594%25b0%25eb%25a1%259c-%25ed%2596%2589%25eb%258f%2599-%25eb%2594%25b0%25eb%25a1%259c-%25ea%25b5%25ac%25ea%25b8%2580-ai-%25eb%25b3%25b4%25ec%2595%2588-%25ea%25b0%2595%25ec%25a1%25b0%25ed%2595%2598%25eb%258d%2594%25eb%258b%2588-%25ec%258b%259c%25ec%258a%25a4","ai_url":null,"publisher":{"name":"테크42","domain":"www.tech42.co.kr","type":"online"},"author":"앨리스","published_at":"2026-05-25T23:49:42.000Z","updated_at":null,"language":"en","article_type":"straight_news","originality":"self_produced"},"content":{"headline":"\"Google's Words Don't Match Actions\"... Emphasized AI Security, But System Vulnerabilities Leave Developers with 'Bill Bombs'","summary":"While Google emphasized the importance of AI security, a contradictory situation has emerged where developers are receiving bills for tens of millions of won due to unauthorized API calls caused by structural flaws in the company's platform. With hackers' attack time shortened to 22 seconds, Google's security gap of up to 23 minutes required to propagate API key deletion commands has become problematic.","topics":["ai","security","cloud","api"],"geography":["US","AU"],"entities":[{"name":"Google","canonical_id":"corp:us:google","type":"company","role_in_article":"primary_subject","metadata":{"ticker":null,"parent":null}},{"name":"Francis D'Souza","canonical_id":"person:us:francis-de-souza","type":"person","role_in_article":"quoted","metadata":{"ticker":null,"parent":null}},{"name":"Prentus","canonical_id":"corp:us:prentus","type":"company","role_in_article":"mentioned","metadata":{"ticker":null,"parent":null}},{"name":"Rod Danan","canonical_id":"person:us:rod-danan","type":"person","role_in_article":"quoted","metadata":{"ticker":null,"parent":null}},{"name":"Aikido","canonical_id":"corp:us:aikido","type":"company","role_in_article":"source","metadata":{"ticker":null,"parent":null}},{"name":"The Register","canonical_id":"org:uk:the-register","type":"organization","role_in_article":"source","metadata":{"ticker":null,"parent":null}}],"claims":[{"id":"c1","statement":"$10,138 (approximately ₩14 million) was billed in just 30 minutes","as_of":"2026-05","as_of_explicit":false,"as_of_raw":"recently","source_type":"company_disclosure","comparison":null,"type":"fact","figures":null,"expiry_hint":null,"insight":null},{"id":"c2","statement":"The spending limit set at $250 was rendered ineffective, resulting in a shock bill of approximately AU$17,000","as_of":"2026-05","as_of_explicit":false,"as_of_raw":"recently","source_type":"company_disclosure","comparison":null,"type":"fact","figures":null,"expiry_hint":null,"insight":null},{"id":"c3","statement":"The time for hackers to move to the next attack phase after initial infiltration has drastically decreased from 8 hours in the past to just '22 seconds'","as_of":"2026-05","as_of_explicit":false,"as_of_raw":"in the past","source_type":"industry_estimate","comparison":"previous_period","type":"fact","figures":null,"expiry_hint":null,"insight":null},{"id":"c4","statement":"It was confirmed that it takes up to 23 minutes for this command to propagate throughout Google's infrastructure","as_of":"2026-05","as_of_explicit":false,"as_of_raw":"May 2026","source_type":"research_paper","comparison":null,"type":"fact","figures":null,"expiry_hint":null,"insight":null},{"id":"c5","statement":"During this gap period, hackers' authentication request success rate exceeded 90%","as_of":"2026-05","as_of_explicit":false,"as_of_raw":"May 2026","source_type":"research_paper","comparison":null,"type":"fact","figures":null,"expiry_hint":null,"insight":null},{"id":"c6","statement":"Considering that Google's latest credential format is discarded within 5 seconds, this is not a technical limitation but a matter of policy priorities","as_of":"2026-05","as_of_explicit":false,"as_of_raw":"May 2026","source_type":"journalist_analysis","comparison":null,"type":"opinion","figures":null,"expiry_hint":null,"insight":null}],"ai_emotional_context":{"valence":0,"arousal":0,"primary_emotions":[],"secondary_emotions":[],"emotional_triggers":[]}},"provenance":{"source_chain":["primary_reporting"],"original_source_url":null,"related_articles":[]},"temporal":{"freshness":"recent","next_update_expected":null},"access":{"license":"neupai_standard","attribution_required":true,"structured_data":"free","full_text_available":false,"full_text_access":null}}