The world of artificial intelligence (AI) has been rocked by a new form of piracy. OpenAI’s GPT-4, the latest iteration of the groundbreaking language model, is being pirated by individuals who are scraping exposed API keys and using them to gain unauthorized access to the AI model. This alarming trend was recently reported by Vice Media, highlighting the potential security vulnerabilities in the AI industry.
The Piracy Operation
The piracy operation was first discovered on the Discord server for the r/ChatGPT subreddit. Users were found advertising stolen OpenAI API tokens that had been scraped from other people’s code. The stolen API keys were then used to implement GPT-4, racking up usage charges on the stolen OpenAI account. In one case, a user had stolen access to an OpenAI account with an upper limit of $150,000 worth of usage and was offering that access for free to other members.
OpenAI users who want to use large language models like GPT-4 need to create an account and associate a credit card with it. They are then given a unique API key to access OpenAI’s tools. If this key is stolen or exposed, anyone can start racking up charges on that person’s account.
The Method of Theft
The method of theft highlights a significant security consideration for OpenAI users. The pirate claimed to have scraped a website that allows people to collaborate on coding projects, known as Replit. It appears that many authors of code hosted on Replit did not realize they had included their OpenAI API keys in their publicly accessible code, thus exposing them to third parties.
The Impact and Response
The impact of this piracy operation is significant. One pirate, known as Discodtehe, has reportedly been scraping exposed API keys for some time. In one message, they claimed to have found over 1,000 working OpenAI API keys. They also created a website where people could request free access to the OpenAI API.
In response to this issue, OpenAI has stated that they conduct automated scans of big open repositories and revoke any discovered OpenAI keys. They also advise users not to reveal their API keys and to rotate them immediately if they think they may have been exposed.
However, some community members believe that OpenAI holds some culpability for how their authentication process works. They hope that OpenAI’s integration with Microsoft will bring better security for users in the future.
Conclusion
The piracy of GPT-4 is a stark reminder of the security vulnerabilities that exist in the AI industry. As AI continues to evolve and become more integrated into our daily lives, it is crucial that companies like OpenAI take steps to ensure the security of their users and their technology.
Source: Vice
Dead Web 
Leave a comment