Conclusion: Always set billing caps and alerts on cloud API keys. A compromised key without spending limits can bankrupt you overnight.
tldr: A stolen Google Cloud API key generated $82,314 in Gemini charges in 48 hours — normal monthly spend was $180.