- $128,000 — small company in Japan, caught it at $44K, shut everything down, charges kept accumulating, Google denied the adjustment request
- $82,314 — 3-person startup, Gemini API key silently reused, normal monthly spend was $180
- $55,444 — student, key leaked on GitHub during summer break, discovered months later
- ~$75,000 — student in India building a blood cancer detection tool, received legal threats from Google
The root cause in every case: GCP billing data lags 4-12 hours. By the time a budget alert fires, the damage is already done. There is no native automatic kill switch.
The only reliable real-time signal is `serviceruntime.googleapis.com/api/request_count` via Cloud Monitoring, which has a 3-5 minute ingestion delay. Budget alerts don't use this — they use billing data.
Has anyone else dealt with this? Curious how teams are protecting themselves today.