Skip to content

OpenAI

Service Name: OpenAI

Service Description: OpenAI provides artificial intelligence APIs and models for natural language processing, image generation, and other AI capabilities.

Service Address: https://openai.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to OpenAI's API services including GPT models, embeddings, DALL-E, and other AI capabilities.

Secret Revokement URL: https://platform.openai.com/api-keys

Secret Example: sk-abcdefghijklmnopqrstuvwxyz123456789ABCDEFG

Suspicious Activity Investigation Instructions:

  • Review OpenAI usage logs in the OpenAI dashboard for unusual API calls or high volume requests.
  • Check for unauthorized applications or services using the API key.
  • Monitor for unusual spending patterns or sudden increases in token usage.
  • Verify if the API key has been used from unexpected geographic locations.
  • Examine the types of models being accessed and ensure they align with expected usage.

Mitigation Instructions:

  • Immediately revoke the exposed API key in the OpenAI platform dashboard.
  • Navigate to OpenAI API keys.
  • Find the compromised key and select Delete.
  • Generate a new API key with appropriate usage limits.
  • Update all legitimate applications with the new API key.
  • Consider implementing usage limits and monitoring for the new key.
  • Review OpenAI's best practices for API key security.