My OpenAI bill hit $12,000 overnight — how?

Bill shock like this builds in under 6 hours. Here's the cause, the recovery, and the prevention.

You check your OpenAI dashboard before coffee. The number on the usage page is five digits. You cancelled your Netflix last month to save $17. You're not sure if you're going to be able to pay this bill.

What happens next

  1. Root cause — leaked key

    90% of cases: your key was scraped from a git commit, a client-side bundle, or log output, and is now being used for crypto mining or laundered inference resale.

  2. Root cause — no rate limit

    10% of cases: a single user of your app is spamming your chat feature at 10 requests/second. With no per-user cap, that one user can drive unlimited spend.

  3. First action — revoke + rotate

    Revoke the leaked key at the OpenAI dashboard. Issue a new key with the minimum necessary permissions.

  4. Second action — fraud dispute

    OpenAI has a fraud-reversal process for leaked-key cases. Open a support ticket within 7 days. Bring evidence: commit hash, rotation timestamp, usage spike graph.

Without Securie

You manually rotate the key. You manually read the fraud policy. You manually write the fraud report. You hope for the best.

With Securie

The leak would have been flagged before you went to bed. Your rate limits on paid-API endpoints would have capped the damage before any material spend accumulated.

Exactly what to do right now

  1. Revoke the compromised key at platform.openai.com/api-keys
  2. Open a support ticket with OpenAI within 7 days
  3. Audit git history for other leaked secrets
  4. Implement per-user rate limits: /guides/rate-limiting-in-next-js
  5. Set per-project daily spend cap at OpenAI
  6. Install Securie
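Steps 4 and 5 above (a per-user rate limit and a daily spend cap) can be enforced in your own server code, in front of every paid-API call, so that a spamming user or a runaway integration is cut off before the bill grows. The gate below is an added example, not code from the original page or from Securie; it assumes your request handler can supply a user id, the current time in milliseconds, and a constructed per-request USD cost estimate.

```javascript
// Added example: a gate that sits in front of a paid-API call and enforces two
// independent limits: a per-user token bucket (one user cannot exceed a burst
// and a steady rate) and a project-wide daily USD cap (many users cannot exceed
// a budget). Costs, rates and the cap are constructed values, not real pricing.
const DAY_MS = 86_400_000;

class ApiSpendGate {
  constructor({ ratePerSec = 2, burst = 5, dailyCapUsd = 50 } = {}) {
    this.ratePerSec = ratePerSec;
    this.burst = burst;
    this.dailyCapUsd = dailyCapUsd;
    this.buckets = new Map(); // userId -> { tokens, last }
    this.spentToday = 0;      // project-wide running total for the current UTC day
    this.spendDay = null;
  }

  // Token bucket: refills continuously at ratePerSec, never above burst.
  allowUser(userId, nowMs) {
    let b = this.buckets.get(userId);
    if (!b) { b = { tokens: this.burst, last: nowMs }; this.buckets.set(userId, b); }
    const refill = ((nowMs - b.last) / 1000) * this.ratePerSec;
    b.tokens = Math.min(this.burst, b.tokens + refill);
    b.last = nowMs;
    if (b.tokens < 1) return false;
    b.tokens -= 1;
    return true;
  }

  // Reserve budget before the upstream call; the counter resets at UTC midnight.
  reserveSpend(costUsd, nowMs) {
    const day = Math.floor(nowMs / DAY_MS);
    if (day !== this.spendDay) { this.spendDay = day; this.spentToday = 0; }
    if (this.spentToday + costUsd > this.dailyCapUsd) return false;
    this.spentToday += costUsd;
    return true;
  }

  // Per-user limit first, so a spammer is rejected cheaply and never touches the
  // shared budget; then the project cap. Returns an HTTP-style verdict.
  check(userId, nowMs, costUsd) {
    if (!this.allowUser(userId, nowMs)) return { ok: false, status: 429, reason: 'per-user rate limit' };
    if (!this.reserveSpend(costUsd, nowMs)) return { ok: false, status: 503, reason: 'daily spend cap reached' };
    return { ok: true, status: 200 };
  }
}

// Constructed scenario from the page: one user firing 10 requests within one second.
function simulateSpam(gate, userId, t0, costUsd) {
  let allowed = 0;
  for (let i = 0; i < 10; i++) if (gate.check(userId, t0, costUsd).ok) allowed++;
  return allowed; // only the burst allowance gets through
}
```

Keep the spend counter in shared storage (a database or cache) rather than process memory if you run more than one server instance, otherwise each instance enforces its own separate cap.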