{"id":65251,"date":"2026-05-26T08:00:00","date_gmt":"2026-05-26T01:00:00","guid":{"rendered":"https:\/\/jaybranding.com\/google-thua-nhan-bao-mat-ai-con-dang-chuyen-tiep-developer-mat-17000-vi-lo-hong-api-gemini\/"},"modified":"2026-05-26T08:00:00","modified_gmt":"2026-05-26T01:00:00","slug":"google-thua-nhan-bao-mat-ai-con-dang-chuyen-tiep-developer-mat-17000-vi-lo-hong-api-gemini","status":"publish","type":"post","link":"https:\/\/jaybranding.com\/en\/google-thua-nhan-bao-mat-ai-con-dang-chuyen-tiep-developer-mat-17000-vi-lo-hong-api-gemini\/","title":{"rendered":"GOOGLE ADMITS AI SECURITY IS STILL IN &#8216;TRANSITION&#8217;: DEVELOPER LOSES $17,000 TO GEMINI API VULNERABILITY"},"content":{"rendered":"<p class=\"wp-block-paragraph\"><strong>Francis de Souza, COO of Google Cloud, has acknowledged that even the tech giant is in a &#8220;transition&#8221; phase when it comes to AI security.<\/strong> Speaking at an event in Los Angeles, he stressed that security cannot be something &#8220;bolted on afterwards&#8221; as enterprises deploy artificial intelligence. Paradoxically, Google itself is struggling with serious security holes related to its own Gemini API.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The story heated up after The Register published a series of reports about numerous Google Cloud developers being charged up to tens of thousands of dollars for unauthorized Gemini API calls, 
for services they had never enabled or used. This raises a big question: are AI platforms really protecting their users?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">&#8220;Shadow AI&#8221;: the hidden threat in every enterprise<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">De Souza specifically warned about <strong>&#8220;Shadow AI&#8221;<\/strong>, where employees use consumer AI tools such as ChatGPT or Gemini on their own without organizational oversight. &#8220;There is no such thing as an AI strategy without a data strategy and a security strategy. They need to go hand in hand,&#8221; he stressed.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">According to the COO, the attack surface has expanded far beyond the traditional network. 
&#8220;Beyond the usual systems, you now also have AI models, the data pipelines used to train models, AI agents, and prompts, all of which need to be protected.&#8221; He also revealed an alarming figure: <strong>the average time from initial compromise to handoff to the next stage of the attack has dropped from 8 hours to just 22 seconds<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">API key scandal: Google Maps turns into a &#8220;backdoor&#8221; to Gemini<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The cases investigated by The Register reveal a frightening scenario: API keys originally created for Google Maps, and made public in line with Google&#8217;s own guidance, quietly gained access to Gemini after Google expanded their scope without clear notice. <strong>Rod Danan, CEO of the interview platform Prentus, said his bill reached $10,138 in just 30 minutes<\/strong> after hackers exploited a compromised API key.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Worse still, a Sydney developer named Isuru Fonseka woke up to charges of about <strong>AUD $17,000 (~$11,200 USD)<\/strong> despite having set a maximum spend of $250. 
What neither of them knew: Google&#8217;s automated system had upgraded their billing tier based on account history, pushing the limit up to $100,000 without requiring consent. Google refunded both victims but said it has <strong>no plans to change the automatic upgrade policy<\/strong>, on the grounds that it prioritizes preventing service disruption over honoring users&#8217; budget limits.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Deleted the API key and still&#8230; not safe: the deadly 23-minute gap<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Security firm Aikido found an even more serious problem: <strong>even when a developer discovers a compromised key and deletes it immediately, an attacker can keep using that key for up to 23 minutes<\/strong>. 
The cause is that Google&#8217;s revocation propagates gradually across its global infrastructure rather than taking effect instantly.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Joseph Leon, a researcher at Aikido, said that during that 23-minute window the success rate of requests is unpredictable: <strong>in some minutes more than 90% of requests still authenticated successfully<\/strong>. An attacker can use this time to steal files and cached conversation data from Gemini. Notably, Leon pointed out that Google&#8217;s newer credential formats do not have this problem: <strong>service account API credentials are revoked within 5 seconds, and AQ-format Gemini keys take only about 1 minute<\/strong>. &#8220;Both run at Google scale,&#8221; Leon wrote. 
&#8220;This shows that it is a matter of priority, not a technical limitation.&#8221;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">AI agents: &#8220;scanners&#8221; of forgotten data stores<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Another threat de Souza mentioned that has received little attention: <strong>AI agents moving through an enterprise&#8217;s internal systems can find old data stores that were forgotten long ago<\/strong>. &#8220;A lot of organizations have old SharePoint servers where they haven&#8217;t really updated access permissions. But that wasn&#8217;t a problem because nobody knew where they were. 
However, agents roaming your enterprise will find those data assets and expose them.&#8221;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The solution, according to de Souza, is <strong>fully automated AI-native defense (fully agentic defense)<\/strong>: &#8220;Instead of human-led defense, or even defense with a human in the loop, you can now have humans overseeing a defense system driven entirely by agents.&#8221; However, Lea Kissner, CISO of LinkedIn, warned the New York Times that the industry is facing a <strong>&#8220;bug-pocalypse&#8221;<\/strong>, a wave of AI-generated security vulnerabilities that is multiplying faster than security teams can handle, and Kissner does not expect the industry to reach a durable understanding of AI security for at least the next few years.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">De Souza is not wrong about the importance of AI security. 
But there is a clear gap between what the platforms recommend and how fast they themselves adapt, and developers are the ones paying the price.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Source: <a href=\"https:\/\/techcrunch.com\/2026\/05\/24\/everyone-is-navigating-ai-security-in-real-time-even-google\/\" target=\"_blank\" rel=\"noopener\">TechCrunch \u2014 Everyone is navigating AI security in real time \u2014 even Google<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Francis de Souza, COO of Google Cloud, has acknowledged that even the tech giant is in a &#8220;transition&#8221; phase when it comes to AI security. Speaking at an event in Los Angeles, he stressed that security cannot be something &#8220;bolted on 
[&hellip;]<\/p>","protected":false},"author":0,"featured_media":65250,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1190],"tags":[1195,1208,1222,1209,1193,1207,1210],"class_list":["post-65251","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ai-news","tag-a-i-news","tag-ai-security","tag-api-key","tag-bao-mat-ai","tag-gemini","tag-google-cloud","tag-shadow-ai"],"_links":{"self":[{"href":"https:\/\/jaybranding.com\/en\/wp-json\/wp\/v2\/posts\/65251","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jaybranding.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jaybranding.com\/en\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/jaybranding.com\/en\/wp-json\/wp\/v2\/comments?post=65251"}],"version-history":[{"count":0,"href":"https:\/\/jaybranding.com\/en\/wp-json\/wp\/v2\/posts\/65251\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jaybranding.com\/en\/wp-json\/wp\/v2\/media\/65250"}],"wp:attachment":[{"href":"https:\/\/jaybranding.com\/en\/wp-json\/wp\/v2\/media?parent=65251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jaybranding.com\/en\/wp-json\/wp\/v2\/categories?post=65251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jaybranding.com\/en\/wp-json\/wp\/v2\/tags?post=65251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}