Thousands of Exposed ChatGPT API Keys Found in Public Repositories and Websites
Research by Cyble Research and Intelligence Labs (CRIL) has uncovered a widespread security risk tied to the rapid adoption of AI in software development. Over 5,000 public GitHub repositories and 3,000 live production websites were found exposing hardcoded ChatGPT API keys, creating a low barrier for malicious exploitation.
GitHub as a Hotspot for Exposed Credentials
Developers frequently embed API keys in source code, configuration files, or .env files during fast-paced development cycles, often forgetting to remove them before committing. These keys persist in commit histories, forks, and archived projects, making them easily discoverable by automated scanners. CRIL’s analysis revealed exposed keys in JavaScript applications, Python scripts, CI/CD pipelines, and infrastructure files, many of which were still valid at the time of discovery.
Production Websites Leaking Sensitive Keys
Beyond repositories, CRIL identified 3,000 public-facing websites with ChatGPT API keys embedded in client-side JavaScript, static files, or front-end assets. These keys, often prefixed with sk-proj- (project-scoped) or sk-svcacct- (service-account), grant access to AI inference services, billing accounts, and sensitive prompts. Since they are exposed in client-side code, attackers can harvest them without breaching infrastructure.
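A pre-commit or CI check for the two key prefixes named above, run over your own source tree and built front-end assets, is sketched below as an added example (not code from CRIL or the article). The key body pattern (20 or more characters of letters, digits, `_` and `-`), the file extensions, and all sample strings are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Prefixes come from the article; the body charset and minimum length are assumptions.
KEY_RE = re.compile(r"(?<![A-Za-z0-9])sk-(proj|svcacct)-[A-Za-z0-9_-]{20,}")
KIND = {"proj": "project-scoped", "svcacct": "service-account"}
# File types the article lists as leak locations (extensions assumed).
SUFFIXES = {".js", ".ts", ".py", ".json", ".yml", ".yaml", ".html", ".tf"}


def redact(key: str) -> str:
    """Keep the prefix and last 4 characters so the report never re-leaks the key."""
    prefix = key[: key.index("-", 3) + 1]
    return f"{prefix}...{key[-4:]}"


def scan_text(text: str, source: str) -> list[dict]:
    """Return one finding per key-shaped string, with its line number."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in KEY_RE.finditer(line):
            findings.append({"source": source, "line": line_no,
                             "kind": KIND[m.group(1)], "key": redact(m.group(0))})
    return findings


def scan_tree(root: str) -> list[dict]:
    """Scan the working tree (not .git internals), including .env* files."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if ".git" in path.parts or not path.is_file():
            continue
        if path.suffix in SUFFIXES or path.name.startswith(".env"):
            findings += scan_text(path.read_text(errors="ignore"), str(path))
    return findings


# Constructed samples: these are not real keys.
SAMPLE_JS = 'const client = new OpenAI({apiKey: "sk-proj-' + "A" * 24 + 'wxyz"});'
SAMPLE_ENV = "OPENAI_API_KEY=sk-svcacct-" + "b" * 30 + "\nDEBUG=1\n"
SAMPLE_SAFE = "apiKey: process.env.OPENAI_API_KEY  // task-proj-notakey"

if __name__ == "__main__":
    samples = [("bundle.js", SAMPLE_JS), (".env", SAMPLE_ENV), ("safe.js", SAMPLE_SAFE)]
    for name, text in samples:
        for finding in scan_text(text, name):
            print(finding)
```

`scan_tree` only sees the current working tree; to cover keys that persist in commit history, pass the output of `git log -p --all` to `scan_text`. Any key it finds should be revoked and reissued, since removing the string does not invalidate it.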
Security Gaps in AI Integration
Cyble’s CISO, Richard Sands, noted that while AI systems are now critical production infrastructure, security discipline has not kept pace. The rise of "vibe coding," a culture prioritizing speed over security, has led to API keys being treated as disposable configuration values rather than privileged credentials. Sands emphasized that tokens are the new passwords, yet they are frequently mishandled.
Exploitation and Financial Risks
Threat actors actively monitor GitHub, forks, and exposed JavaScript to harvest API keys at scale. Once obtained, compromised keys are used to:
- Execute high-volume AI inference workloads
- Generate phishing emails and malware
- Bypass usage quotas and drain billing accounts
- Access sensitive prompts and application logic
Unlike traditional cloud infrastructure, AI API activity often lacks centralized logging or anomaly detection, allowing abuse to go unnoticed until billing spikes or service disruptions occur. Cyble’s CPO, Kaustubh Medhe, warned that hard-coded LLM API keys risk turning innovation into liability, enabling attackers to drain budgets, manipulate workflows, and create compliance risks.
The findings highlight a critical gap in AI security practices, where rapid deployment outpaces safeguards for sensitive credentials.
Source: https://thecyberexpress.com/exposed-chatgpt-api-keys-github-websites/
OpenAI TPRM report: https://www.rankiteo.com/company/openai
"id": "ope1770972313",
"linkid": "openai",
"type": "Vulnerability",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': ['Software Development', 'AI Integration'],
'location': 'Global',
'name': 'Developers and Organizations Using ChatGPT '
'API',
'type': 'Developers, Companies'}],
'attack_vector': 'Exposed Credentials',
'data_breach': {'data_exfiltration': 'Potential (threat actors harvest keys '
'for malicious use)',
'file_types_exposed': ['JavaScript',
'Python',
'Configuration Files',
'.env Files'],
'number_of_records_exposed': 'Over 8,000 (5,000 repositories '
'+ 3,000 websites)',
'sensitivity_of_data': 'High (API keys grant access to AI '
'services and billing accounts)',
'type_of_data_compromised': ['API Keys',
'Sensitive Prompts',
'Application Logic']},
'description': 'Research by Cyble Research and Intelligence Labs (CRIL) '
'uncovered over 5,000 public GitHub repositories and 3,000 '
'live production websites exposing hardcoded ChatGPT API keys, '
'creating a low barrier for malicious exploitation. Developers '
'embedded API keys in source code, configuration files, or '
'.env files, often forgetting to remove them before '
'committing. These keys were found in JavaScript applications, '
'Python scripts, CI/CD pipelines, and infrastructure files, '
'many of which were still valid. Additionally, 3,000 '
'public-facing websites had ChatGPT API keys embedded in '
'client-side JavaScript or front-end assets, granting access '
'to AI inference services, billing accounts, and sensitive '
'prompts. Threat actors exploit these keys to execute '
'high-volume AI inference workloads, generate phishing emails, '
'bypass usage quotas, and access sensitive data.',
'impact': {'brand_reputation_impact': 'Risk of turning innovation into '
'liability',
'data_compromised': ['API keys',
'Sensitive prompts',
'Application logic'],
'financial_loss': 'Potential billing account drainage',
'legal_liabilities': 'Compliance risks',
'operational_impact': 'Service disruptions due to quota bypasses',
'revenue_loss': 'Potential budget drainage',
'systems_affected': ['AI inference services',
'Billing accounts',
'Client-side applications']},
'lessons_learned': 'AI API keys are being treated as disposable configuration '
'values rather than privileged credentials, leading to '
'widespread exposure. Security discipline has not kept '
'pace with the rapid adoption of AI in software '
'development. Tokens are the new passwords and require '
'proper safeguards.',
'motivation': ['Financial Gain', 'Data Exfiltration', 'Service Abuse'],
'post_incident_analysis': {'root_causes': ['Hardcoded API keys in public '
'repositories and client-side code',
'Lack of security discipline in AI '
'integration',
'Culture prioritizing speed over '
"security ('vibe coding')"]},
'recommendations': ['Remove hardcoded API keys from public repositories and '
'client-side code',
'Implement automated scanning for exposed credentials in '
'repositories and websites',
'Adopt secure credential management practices (e.g., '
'environment variables, secret managers)',
'Enhance monitoring for anomalous API usage and billing '
'spikes',
'Educate developers on the risks of hardcoding sensitive '
'credentials'],
'references': [{'source': 'Cyble Research and Intelligence Labs (CRIL)'}],
'title': 'Thousands of Exposed ChatGPT API Keys Found in Public Repositories '
'and Websites',
'type': 'Data Exposure',
'vulnerability_exploited': 'Hardcoded API Keys in Public Repositories and '
'Websites'}