Hello,
We are looking for guidance regarding an unexpected €54,000+ Gemini API charge that occurred within a few hours after enabling Firebase AI Logic on an existing Firebase project.
Background:
We created the project over a year ago and initially used it only for Firebase Authentication. Recently, we added a simple AI feature (generating a web snippet from a text prompt) and enabled Firebase AI Logic.
What happened:
Shortly after enabling this, we experienced a sudden and extreme spike in Gemini API usage. The traffic was not correlated with our actual users and appeared to be automated. The activity occurred within a short overnight window and stopped once we disabled the API and rotated credentials.
Additional observations:
- We had a budget alert (€80) and a cost anomaly alert, both of which triggered with a delay of a few hours
- By the time we reacted, costs were already around €28,000
- The final amount settled at €54,000+ due to delayed cost reporting
This describes our issue in more detail:
Aftermath:
We worked with Google Cloud support and provided logs and analysis. The charges were classified as valid usage because they originated from our project, and our request for a billing adjustment was ultimately denied.
This usage was clearly anomalous, not user-driven, and does not reflect intended or meaningful consumption of the service.
Questions:
- Has anyone encountered a similar issue after enabling Firebase AI Logic or Gemini?
- Are there recommended safeguards beyond App Check, quotas, and moving calls server-side?
- Is there any escalation path we may have missed for cases like this?
Any guidance or shared experience would be greatly appreciated.
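
Added example, not part of the original post: since the budget and anomaly alerts described above fired hours late, a hard cap has to be enforced in the request path from locally metered usage rather than from billing data. This Python example assumes model calls already pass through your own backend and that `client_id` is an authenticated user ID; the `SpendBreaker` name, the price and the caps are illustrative assumptions.

```python
from collections import deque

# Assumed price for illustration only; take the real rate from your billing page.
PRICE_EUR_PER_1K_TOKENS = 0.01


class SpendBreaker:
    """Meters estimated spend per request, before the model call is forwarded."""

    def __init__(self, project_cap_eur, client_cap_eur, window_s=3600):
        self.project_cap = project_cap_eur
        self.client_cap = client_cap_eur
        self.window_s = window_s
        self.events = deque()   # (timestamp, client_id, cost_eur)
        self.tripped = False    # stays open until an operator resets it

    def _spend(self, now, client_id=None):
        # Drop events that have aged out of the sliding window.
        while self.events and self.events[0][0] <= now - self.window_s:
            self.events.popleft()
        return sum(c for _, cid, c in self.events
                   if client_id is None or cid == client_id)

    def admit(self, client_id, est_tokens, now):
        """Return (allowed, reason); records the cost when allowed."""
        if self.tripped:
            return False, "project breaker open"
        cost = est_tokens / 1000 * PRICE_EUR_PER_1K_TOKENS
        if self._spend(now, client_id) + cost > self.client_cap:
            return False, "client cap"
        if self._spend(now) + cost > self.project_cap:
            self.tripped = True   # fail closed: no further calls at all
            return False, "project cap"
        self.events.append((now, client_id, cost))
        return True, "ok"

    def reset(self):
        self.tripped = False


def simulate():
    # Constructed traffic: one real user, then 50 automated identities
    # each sending three 90k-token requests within the same minute.
    b = SpendBreaker(project_cap_eur=20.0, client_cap_eur=2.0)
    results = [b.admit("user-1", 2_000, now=0)]
    for i in range(50):
        for _ in range(3):
            results.append(b.admit(f"bot-{i}", 90_000, now=10 + i))
    return b, results
```

In the constructed run the per-client cap alone does not stop traffic spread across many identities; the project-wide cap trips and fails closed until `reset()` is called, which bounds the loss to the configured amount regardless of how late billing data arrives.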