OpenAI API token is stolen last Friday, and not showing in Log any api calls history at May 8 2026. big bug

Welcome to the forum!

If you think an API key was stolen, I’d treat this as a security issue first, not only a bug.

In this situation, I’d delete/rotate the affected API key immediately if you haven’t already, then check usage /logs by project/key and make sure spend limits are set.

OpenAI’s API key safety doc also says to rotate a key immediately if you believe it has been leaked:

https://help.openai.com/en/articles/5112595-best-practices-for-api-key-safety

If the usage does not match your logs, I’d contact OpenAI Support through the Help Center and include screenshots, timestamps, affected project/org, key name or key ID if available, usage details and what you already rotated/deleted.

https://help.openai.com/en