Cyble’s research reveals the exposure of ChatGPT API keys online, potentially enabling large‑scale abuse and hidden AI risk.

Cyble's publication is a resource for cybersecurity professionals and businesses seeking to stay ahead of evolving cyber threats. Through detailed analysis of threat intelligence, cybersecurity trends, and real-world cyber incidents, Cyble provides  insights into emerging threats, cyber attack tactics, and risk mitigation strategies. Readers can learn about threat detection methodologies, vulnerability assessment techniques, incident response protocols, and compliance standards to enhance their cybersecurity posture. Additionally, Cyble offers expert commentary, best practices, and actionable recommendations to help organizations protect their digital assets, safeguard sensitive data, and maintain business continuity in the face of cyber threats.

Cyble

Cyble's research uncovered over 5,000 GitHub repositories and 3,000 production websites exposing ChatGPT API keys through hardcoded credentials in source code and client-side JavaScript. These exposed keys enable threat actors to abuse AI inference services, generate malicious content, and drain billing accounts. The findings reveal a critical security gap where AI credentials are treated as configuration values rather than production secrets, creating persistent exposure loops that attackers exploit through automated scanning. Organizations must implement secure secret management, eliminate client-side key embedding, enforce GitHub hygiene, and monitor AI API usage to prevent financial and operational damage.

The Rising Risk Of Exposed ChatGPT API Keys