Security Story

How API Abuse Nearly Bankrupted a Developer Tools Startup

January 2026

TL;DR

Someone discovered a developer tools company's /api/generate endpoint had no authentication or rate limiting. Over a weekend, they made millions of requests using the company's OpenAI API key. The team woke up Monday to a $47,000 bill. After lengthy negotiations, OpenAI forgave most of the charges, but only after the team proved they'd implemented proper protections.

On Monday morning, the founder of a small developer tools company opened an email from OpenAI with the subject line "Usage Alert - Action Required." The number inside made him physically ill.

The Horrifying Discovery

$47K
OpenAI charges
3.2M
API requests
48 hrs
Duration
$500
Normal monthly bill

The company's typical OpenAI bill was $500/month. That weekend had generated nearly 100x that amount. Someone had found the AI endpoint and used it as their personal GPT-4 server.

"The founder remembers sitting in his car in the parking lot, unable to go into the office. The company had maybe $20K in the bank. This bill alone would wipe them out and then some."

How They Found the Endpoint

The company had built an AI-powered code documentation tool. The frontend sent requests to /api/generate which proxied to OpenAI. Simple, clean, and completely unprotected.

// The original (terrible) endpoint
app.post('/api/generate', async (req, res) => {
  const { prompt } = req.body;

  // No auth check. No rate limit. Just vibes.
  const completion = await openai.chat.completions.create({
    model: "gpt-4",
    messages: [{ role: "user", content: prompt }]
  });

  res.json(completion);
});

The attacker probably found the endpoint through:

  • Scanning JavaScript bundles for API endpoints
  • Checking network requests in browser dev tools
  • Automated scanners looking for unprotected AI endpoints

Once they found a working endpoint, they set up a script to pump through requests 24/7.

  • No authentication required to use the endpoint
  • No rate limiting whatsoever
  • No usage caps or spending alerts set up
  • No monitoring for unusual usage patterns
  • Using GPT-4 (expensive) instead of GPT-3.5 where appropriate

The Recovery

The founder immediately rotated the API key to stop the bleeding. Then began the painful process of dealing with the bill.

OpenAI support was understanding but needed assurance this wouldn't happen again. The team documented everything:

  • Proof that requests came from unknown IPs, not their users
  • The new authentication and rate limiting implementation
  • Spending alerts configured at multiple thresholds
  • Monthly spending caps enabled

After two weeks of back-and-forth, OpenAI forgave $42,000 of the charges. The company still paid $5,000, which was painful but survivable.

The Fix

// The secure version
import { rateLimit } from 'express-rate-limit';
import { authMiddleware } from './auth';

const aiLimiter = rateLimit({
  windowMs: 60 * 1000, // 1 minute
  max: 10, // 10 requests per minute per user
  message: 'Too many requests, please slow down'
});

app.post('/api/generate',
  authMiddleware,        // Require login
  aiLimiter,             // Rate limit
  usageTracker,          // Track per-user usage
  async (req, res) => {
    const user = req.user;

    // Check user's remaining quota
    if (user.aiCredits <= 0) {
      return res.status(403).json({
        error: 'Usage limit reached'
      });
    }

    // Process request...
    await decrementUserCredits(user.id);
});

The team also set up proper OpenAI spending controls:

  • Hard spending cap: $1,000/month maximum
  • Email alerts: At $100, $300, $500, $800
  • Daily monitoring: Automated checks for unusual spikes
  • Per-user limits: Maximum requests per user per day
Key Lessons Learned
  • Always authenticate API endpoints, especially ones that cost money
  • Implement rate limiting on all public-facing endpoints
  • Set spending caps and alerts with your API providers
  • Track per-user usage to catch abuse early
  • Use the cheapest appropriate model for each task
  • Monitor for unusual patterns - weekend spikes should trigger alerts

Will OpenAI forgive fraudulent charges?

They evaluate case by case. You'll need to prove it was abuse (not legitimate usage), show what security measures you've implemented, and work with their support team. They're generally understanding but don't guarantee forgiveness.

How do attackers find unprotected AI endpoints?

They scan JavaScript bundles for API routes, monitor network traffic on popular AI apps, use automated scanners, and share discovered endpoints in underground communities. If your endpoint is public and unprotected, assume it will be found.

What's a reasonable rate limit for AI endpoints?

It depends on your use case, but for most apps: 10-20 requests per minute per authenticated user is reasonable. For anonymous/trial users, consider 3-5 requests per hour. Always combine with authentication and per-user quotas.

Related Articles

Why I Almost Gave Up on Security

The emotional journey of dealing with security as a solo founder. The overwhelm, the near-surrender, and how I found a s

When My Stripe API Key Got Leaked

A founder's story of discovering their Stripe secret key was exposed in a public GitHub repo. The panic, the response, a

The $12,000 AWS Bill That Changed Everything

How an exposed AWS credential led to a cryptocurrency mining operation on my account. The shocking bill, the investigati

When Someone Found a Health-Tech Startup's Unprotected Admin Panel

A stranger found a health-tech startup's admin panel at /admin with no authentication. They could see all patient data,

How Attackers Used AI to Breach 50,000 FortiGate Firewalls

In early 2025, AI-assisted attackers compromised 50,000 FortiGate firewalls in weeks. Here's what happened and why it ma

Scan your vibe coded projects for unprotected APIs and missing rate limits.

Security Stories

How API Abuse Nearly Bankrupted a Developer Tools Startup