OpenAI
Service Name: OpenAI
Service Description: OpenAI provides artificial intelligence APIs and models for natural language processing, image generation, and other AI capabilities.
Service Address: https://openai.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to OpenAI's API services including GPT models, embeddings, DALL-E, and other AI capabilities.
Secret Revokement URL: https://platform.openai.com/api-keys
Secret Example: sk-abcdefghijklmnopqrstuvwxyz123456789ABCDEFG
Suspicious Activity Investigation Instructions:
- Review OpenAI usage logs in the OpenAI dashboard for unusual API calls or high volume requests.
- Check for unauthorized applications or services using the API key.
- Monitor for unusual spending patterns or sudden increases in token usage.
- Verify if the API key has been used from unexpected geographic locations.
- Examine the types of models being accessed and ensure they align with expected usage.
Mitigation Instructions:
- Immediately revoke the exposed API key in the OpenAI platform dashboard.
- Navigate to OpenAI API keys.
- Find the compromised key and select Delete.
- Generate a new API key with appropriate usage limits.
- Update all legitimate applications with the new API key.
- Consider implementing usage limits and monitoring for the new key.
- Review OpenAI's best practices for API key security.