Google Charged Developers $17,000 While They Slept

On May 22, 2026, The Register published a series of reports documenting Google Cloud developers hit with five-figure bills following unauthorized API calls to Gemini models (Google’s generative AI service) — services many had never used or intentionally enabled. This is not a breach story. This is a billing architecture story that raises questions about who controls spending when platforms quietly expand what legacy credentials can access.

The cases followed a familiar pattern. API keys originally issued for Google Maps, and placed publicly as Google's own instructions direct for such keys, had quietly become capable of calling Gemini after Google expanded their scope without clearly disclosing the change. Rod Danan, CEO of interview-prep platform Prentus, said his bill hit $10,138 in roughly 30 minutes once attackers began using his leaked key. Isuru Fonseka, a Sydney-based developer whose account was similarly compromised, woke up to charges of roughly AUD $17,000 despite believing he had a $250 spending cap in place. What neither knew was that Google's automated systems had upgraded their billing tiers based on account history, raising their effective ceilings to as high as $100,000 without explicit consent.
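As an added example, not code from the article, from Google or from the developers it quotes, the Python below audits a list of API key resources for the two exposures this story turns on: a key with no API restriction, which is accepted by any API enabled on the project, including services enabled after the key was issued, and a key meant for public placement that carries no HTTP referrer lock. The key records are constructed inline to mimic the shape of the API Keys v2 resource that `gcloud services api-keys list --format=json` returns; the project and key names are made up, the service identifiers are assumptions, and the article does not say how the victims' keys were actually restricted.

```python
"""Audit Google Cloud API key resources for scope exposure.

Added example. KEYS is constructed sample data shaped like the API Keys v2
resource (restrictions.apiTargets[].service,
restrictions.browserKeyRestrictions.allowedReferrers); values are invented.
Service identifiers are assumptions, not taken from the article.
"""
from dataclasses import dataclass

# Assumed service identifiers for the "intended" scope of a Maps key.
MAPS_SERVICES = {
    "maps-backend.googleapis.com",
    "geocoding-backend.googleapis.com",
    "places-backend.googleapis.com",
}
# Assumed identifier for the Gemini API; flagged as high severity if allowed.
GEMINI_SERVICE = "generativelanguage.googleapis.com"

# Constructed sample key records (not real keys or projects).
KEYS = [
    {   # Maps key with a referrer lock but no API restriction:
        # accepted by every API enabled on the project, now or later.
        "name": "projects/demo/locations/global/keys/maps-web",
        "displayName": "Maps web key",
        "restrictions": {
            "browserKeyRestrictions": {"allowedReferrers": ["https://example.test/*"]},
        },
    },
    {   # Key restricted to Maps services only, plus a referrer lock.
        "name": "projects/demo/locations/global/keys/maps-locked",
        "displayName": "Maps locked key",
        "restrictions": {
            "apiTargets": [{"service": s} for s in sorted(MAPS_SERVICES)],
            "browserKeyRestrictions": {"allowedReferrers": ["https://example.test/*"]},
        },
    },
    {   # Key that explicitly allows Gemini and has no referrer lock.
        "name": "projects/demo/locations/global/keys/mixed",
        "displayName": "Mixed key",
        "restrictions": {"apiTargets": [{"service": GEMINI_SERVICE}]},
    },
]


@dataclass(frozen=True)
class Finding:
    key: str
    severity: str
    reason: str


def audit_key(key: dict, intended: set[str]) -> list[Finding]:
    """Return findings for one key resource; an empty list means the key
    is scoped to the intended services and locked to known referrers."""
    findings: list[Finding] = []
    restr = key.get("restrictions") or {}
    targets = {t["service"] for t in restr.get("apiTargets", [])}
    referrers = (restr.get("browserKeyRestrictions") or {}).get("allowedReferrers", [])
    short_name = key["name"].rsplit("/", 1)[-1]

    if not targets:
        # No apiTargets: the key is valid for any API enabled on the project,
        # so enabling a new service later silently widens the key's reach.
        findings.append(Finding(short_name, "high",
                                "no API restriction (any enabled API accepted)"))
    else:
        extra = targets - intended
        if extra:
            sev = "high" if GEMINI_SERVICE in extra else "medium"
            findings.append(Finding(short_name, sev,
                                    "allows unintended services: " + ", ".join(sorted(extra))))
    if not referrers:
        # A key shipped in public client code needs at least a referrer lock.
        findings.append(Finding(short_name, "medium", "no HTTP referrer restriction"))
    return findings


def audit_keys(keys: list[dict], intended=frozenset(MAPS_SERVICES)) -> list[Finding]:
    """Audit every key against the intended service set, in input order."""
    return [f for k in keys for f in audit_key(k, set(intended))]


if __name__ == "__main__":
    for f in audit_keys(KEYS):
        print(f"[{f.severity}] {f.key}: {f.reason}")
```

The check is static: it reports what a key is allowed to reach today, which is the boundary the developers in the story could not see move. An API restriction pins the key to named services regardless of what else gets enabled on the project, so re-run the audit after any project-level API enablement rather than only at key creation.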

Google refunded both after The Register published its initial report. Still, Google told The Register it has no plans to change its automatic tier-upgrade policy, saying it prioritizes preventing service outages over enforcing users’ stated budget preferences. Francis de Souza, Chief Operating Officer of Google Cloud, speaking at a Los Angeles event on May 25, 2026, offered advice that now reads differently in this context: “Security can’t be an afterthought. As companies embark on this AI journey, they need to take a platform approach. Security is not something you can bolt on later.” He wasn’t pitching Google Cloud alone — he made the case for a multicloud approach and argued that companies need to demand security, governance, and auditability from their platforms from the start. The gap between prescription and practice is worth noting.

Google’s Revocation Lag — 23 Minutes to Stop a Stolen Key

On May 23, 2026, The Register reported on research by security firm Aikido (a Belgium-based application security platform) finding that even developers who catch a compromised key and immediately delete it may not be safe. According to Aikido, attackers can continue using a deleted key for up to 23 minutes because Google's revocation propagates gradually across its infrastructure. Aikido researcher Joseph Leon told The Register that success rates during that window are unpredictable, with over 90 percent of requests still authenticating in some minutes, and that attackers can use the time to exfiltrate files and cached conversation data from Gemini.

Leon also noted that Google's own newer credential formats don't appear to have the same problem: service account API credentials revoke in about five seconds, and Gemini's newer AQ-prefixed key format takes about a minute. Both run at Google scale, he wrote in Aikido's related paper, which suggests the lag is technically solvable for Google API keys as well. In short, according to Leon, the 23-minute window is not an engineering constraint but a matter of priorities for the company. The operational lesson for investors: even at hyperscale, platform incentives shape security architecture more than technical limitations do.

Tohoku Researchers Cut Drag 43.6 Percent — With Random Bumps

On May 24, 2026, a research team at Tohoku University's Institute of Fluid Science announced a result that significantly advances aerodynamic drag reduction. Aiko Yakino, associate professor at the institute, and her research group demonstrated for the first time that aerodynamic drag can be reduced by up to 43.6 percent simply by applying distributed micro-roughness (DMR), a surface roughness so fine and irregular that it cannot be distinguished by the naked eye. The approach is fundamentally different from riblet (shark-skin) surfaces, which carve grooves approximately 0.1 mm wide along the direction of airflow.

DMR delays the switch from laminar to turbulent flow by means of random and minute irregularities. A key factor in this achievement was the use of the world's largest 1-meter magnetic support balance system (1m-MSBS), owned by the Institute of Fluid Science, which uses electromagnetic force to levitate a streamlined model approximately 1.07 m in length inside a wind tunnel without any physical contact. Experimental results showed that the critical Reynolds number (the ratio of inertial to viscous forces acting on the fluid) at which the turbulent transition begins increased from approximately 1.9 × 10⁶ to 2.2 × 10⁶ for the DMR-coated model. The strength of DMR's drag reduction lies in its passivity and omnidirectionality: the surface roughness is random, does not depend on the direction of the flow, and requires neither moving parts nor electricity. If DMR is applied to aircraft, it is expected to significantly reduce operating costs and carbon dioxide emissions by improving fuel efficiency.

Two Beluga Whales Pass the Mirror Test — Or Did They?

On May 25, 2026, researchers published a study in PLOS One documenting mirror self-recognition in beluga whales — a cognitive ability long considered a marker of self-awareness, and one that had never before been documented in the species. The footage is more than two decades old. Senior author Diana Reiss, who originally conducted the experiments, revisited and digitized the original videotapes after some had degraded in the meantime. The experiment exposed four belugas to the mirror together, in their usual social housing. Only two — Natasha and Maris — showed sustained interest, so only they advanced to the experimental phase, where they were marked with waterproof lipstick during feeding sessions.

The one genuinely mark-directed behavior came from Natasha, who repeatedly pressed the marked area — behind her right ear — against the mirror. Without arms, she couldn’t point. It’s the strongest data point in the study, but a softer kind of evidence than a chimp or an elephant typically delivers. Anil Seth, a neuroscientist at the University of Sussex, told Ars Technica that the mirror self-recognition test is not a test of consciousness itself, but a test of a particular kind of ability to recognize one’s own body. Failure to reliably pass the test does not mean that an animal lacks consciousness, or any form of selfhood. The test, he added, is motivated by what feels natural to humans and may well not feel natural to other species, even if they have the same kind of ability. The operational lesson: measurement validity matters as much in cognitive science as it does in applied AI.

Platform economics runs on trust, but trust is expensive to maintain when incentives diverge. Google’s billing architecture prioritizes uptime continuity over user-declared limits. That’s a rational engineering choice, but it socializes risk onto customers who assumed their caps were hard. The 23-minute revocation lag and the beluga mirror tests share a common thread: the gap between what systems are technically capable of doing and what they actually do is often a function of priorities, not constraints. If you’re building on platforms that scale faster than their governance, budget for the delta. The signals are already here.
