-
Notifications
You must be signed in to change notification settings - Fork 407
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gpt-4o model #274
Comments
No, it doesn't. I think your API key was breached. You need to disable it and create a new one. If you're exposing the key inside a client (e.g iOS or Android app), you have to think of using a backend proxy. |
It was breached again. Every network request you make to OpenAI is sniffable. Your only chance at fighting this is building your own backend or trying some service like https://www.aiproxy.pro |
Our requests to open AI are all initiated by backend services, not by clients such as browsers. |
Someone must be using that key. I don't think there is any other explanation. |
As @benadamdev said, the API key was likely compromised. Even if the requests are initiated by backend services, if the key is stored or transmitted insecurely it can be intercepted. Have you considered internal misuse of the API key? Perhaps even backend services being compromised using whatever third-party packages you may be using. Monitor the usage logs, check the security of the backend services, and like @benadamdev use a proxy service. Wishing you luck with this one! |
This is not true. If your client is using TLS the key is not sniffable. So far as I know all generators use this by default. Passing your API key through some random third party is an awful idea. I might suggest @xiejie2438 scan for malware locally. There is a lot that will steal OpenAI API keys. |
Agreed, that is why I have a self hosted proxy service in my C# generated client. Typically auth through 3rd party OAuth provider (like google or firebase) then use their token in exchange for real key on self hosted reverse proxy. |
The model I passed in using the open AI API is gpt-4o, but I saw in the bill that my API key has the number of calls to other models. Does the gpt-4o model automatically convert to other models?
The text was updated successfully, but these errors were encountered: