A developer from Mexico (a team of only 3 people) posted on Reddit to ask for help about his sky-high bill. This small team used Google Gemini access provided by Google Cloud, but due to an operational error, the API key was accidentally leaked online.

Normally, the monthly Google Gemini fee that this developer needs to pay is only US$180, but after accidentally exposing the key, it was quickly captured and used by others, resulting in a sky-high bill of US$82,000 in just 48 hours.
The question now is how to deal with this sky-high bill. This small team is unable to pay the fee. However, if it fails to pay, not only will it be unable to continue using Google Gemini, it may also face potential legal problems.
Google has no plans to waive these fees:
This small team has contacted Google hoping to cancel or reduce the fee, but Google support engineers mentioned Google Cloud's shared responsibility model. Simply put, this is not Google's responsibility, so customers must pay the bill in full.
From a normal perspective, there is nothing wrong with Google's argument. After all, the source of the sky-high bills due to key leaks is the developers themselves, and Google does provide resource services through Google Cloud, which naturally require costs.
But the problem lies in Google's quota mechanism:
If you use most platforms such as OpenAI API, you will notice that the platform uses a prepaid mechanism, that is, users must recharge before they can use it. Once the balance is exhausted, the service will be cut off immediately.
At the same time, the platform also provides a consumption limit function to prevent certain unexpected situations. For example, if the limit is set to US$30 per month, as long as you spend more than US$30 this month, the service will also be cut off, even if there is still a balance in the account.
But Google Cloud does not have this mechanism, especially Google Cloud Gemini does not provide quota limits. Google only provides API request call rate limits, not quota consumption limits.
Note: However, Google Cloud Platform does have a budget warning function. You need to set the budget amount in advance and set the threshold that triggers the warning. It is not clear whether the developer has received the budget warning function (or has not set it at all).
What makes developers complain is that Google did not detect the anomaly. That is, a normal monthly bill of $180 suddenly appeared a massive number of requests within 24 hours. Google should be able to detect the anomaly and block it before notifying the user for confirmation.
Can the bill be reduced or reduced:
From Google's perspective, there is nothing wrong with the shared responsibility model. From a developer's perspective, Google Cloud's design flaws and security mechanisms are also the reasons for sky-high bills.
So now it depends on how developers negotiate with Google. If Google is unwilling to waive the exemption anyway, there is nothing they can do, but perhaps Google can also improve its own mechanism through this incident. After all, the Google Cloud API involves far more products than just Gemini.
I would also like to remind other developers that if you call AI models or other cloud products, be sure to check whether the platform provides quota limits. If not, it is best not to use it to avoid mistakes that may expose the key and lead to sky-high bills.