Exposed OpenAI API Keys
- Researchers warned that many OpenAI API keys are discoverable via public GitHub searches, exposing live credentials.
- Publicly exposed keys can let attackers impersonate services, drain quotas, or rapidly access customer-linked data.
- The finding highlights a common DevOps security gap for external APIs and developer platforms, with public examples on GitHub. (x.com)
An OpenAI API key is like a password for software, and OpenAI says developers should keep it on a server and never expose it in browser code, mobile apps, or public repositories. (help.openai.com) That basic rule is colliding with public code hosting. GitHub says secret scanning runs automatically and free on public repositories, and its supported-patterns list includes OpenAI among the providers it scans for. (docs.github.com)

Researchers and security tools have shown how easy those leaks are to find. A public GitHub project published “search dorks” for OpenAI and other providers, and another community cheat sheet released in 2026 catalogs leaked keys and other exposed AI systems. (github.com 1) (github.com 2)

Once a live key is public, an attacker does not need to break into a server. OpenAI’s help center says someone who gets the key can make requests on the owner’s behalf, which can lead to unexpected charges and exposure of some account-linked data. (help.openai.com) The risk is partly economic. OpenAI keys can be turned directly into paid model calls, and GitGuardian data cited by security firm Rafter says exposed OpenAI keys on GitHub rose 1,212% from 2022 to 2024. (rafter.so)

This is not limited to toy projects or old code. A March 2026 report on a Stanford-led study said researchers found exposed keys for providers including AWS, GitHub, Stripe, and OpenAI, with one affected organization described as a global bank. (cybernews.com)

OpenAI’s own API documentation repeats the same operational rule: treat the key as a secret, load it from an environment variable or key-management service, and send requests from a backend you control. The company’s production guide frames security and cost controls as part of moving from prototype to production. (developers.openai.com 1) (developers.openai.com 2)

GitHub has kept expanding its defenses. In an April 14, 2026 product update, the company said it added more secret-scanning and push-protection improvements, including new defaults for some providers and more filtering in alert tools. (github.blog)

Even with scanning, leaked keys still appear because the weak point is often the workflow: developers hardcode a secret during testing, commit a `.env` file, or ship client-side code that contains a usable token. OpenAI’s help article says the fix starts with never deploying keys to client environments and never committing them to a repository. (help.openai.com)

The practical response is old-fashioned incident handling. Rotate the exposed key, move it behind a server, check usage for unauthorized calls, and treat every public credential as already compromised. (help.openai.com)
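The two workflow rules above (load the key from the environment on a backend you control; never hardcode it or commit a `.env` file) can be enforced in code. The following is an added example written for this article, not code from OpenAI, GitHub, or any project the article cites. It assumes the key is supplied through an `OPENAI_API_KEY` environment variable, and its key-matching regex is a deliberately loose heuristic (keys beginning with `sk-`) for a local pre-commit screen, not GitHub's official secret-scanning pattern. The "staged files" it inspects are constructed sample strings.

```python
"""
Added example (not from the article or OpenAI): keep an OpenAI API key out of
source, fail fast when it is missing, and catch accidental hardcoding before
a commit reaches a public repository.

Assumptions (hypothetical, not confirmed by the article):
  - The key is supplied via the OPENAI_API_KEY environment variable.
  - OpenAI keys begin with "sk-"; the regex below is a loose local heuristic,
    not GitHub's provider-specific secret-scanning pattern.
"""
from __future__ import annotations

import os
import re
from dataclasses import dataclass

# Loose heuristic: "sk-" followed by a long run of base62/underscore/dash chars.
# Tuned to over-match: a false positive costs a glance, a miss costs a live key.
KEY_CANDIDATE = re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b")


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    redacted: str  # never store or print the full match


def redact(secret: str) -> str:
    """Keep only a short prefix/suffix so a log line cannot re-leak the key."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return f"{secret[:3]}...{secret[-4:]}"


def scan_text(path: str, text: str) -> list[Finding]:
    """Return one Finding per key-looking token in the given file content."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in KEY_CANDIDATE.finditer(line):
            findings.append(Finding(path, line_no, redact(match.group(0))))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """files maps path -> content, e.g. the staged files in a pre-commit hook."""
    results: list[Finding] = []
    for path, text in files.items():
        results.extend(scan_text(path, text))
    return results


def load_api_key(env: dict[str, str] | None = None) -> str:
    """Read the key from the environment (server side) and refuse to run without it."""
    source = os.environ if env is None else env
    key = source.get("OPENAI_API_KEY", "").strip()
    if not key:
        raise RuntimeError("OPENAI_API_KEY is not set; refusing to start without a key")
    return key


# Constructed sample "staged files": a hardcoded key, a committed .env, a clean file.
SAMPLE_FILES = {
    "app.py": 'client = OpenAI(api_key="sk-EXAMPLE0000000000000000000000")\n',
    ".env": "OPENAI_API_KEY=sk-EXAMPLE1111111111111111111111\n",
    "server.py": 'key = os.environ["OPENAI_API_KEY"]\n',
}

if __name__ == "__main__":
    for finding in scan_files(SAMPLE_FILES):
        print(f"{finding.path}:{finding.line_no}: possible OpenAI key {finding.redacted}")
    try:
        load_api_key({})  # constructed empty environment
    except RuntimeError as err:
        print("startup blocked:", err)
    demo_env = {"OPENAI_API_KEY": "sk-EXAMPLE2222222222222222222222"}  # constructed
    print("loaded:", redact(load_api_key(demo_env)))
```

Wired into a pre-commit hook, `scan_files` would receive the staged blobs and return a non-zero exit on any finding; the redaction step matters because hook output often ends up in CI logs, which are themselves a common leak path. The loader is the server-side counterpart: it makes a missing key a startup failure rather than a silent fallback to a hardcoded default.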