I woke up to find my OpenRouter account drained—not by my own usage, but by some script kiddie who scraped an exposed environment variable from a public repo or deployment log. The balance was zeroed. The charges were for AI models I don't even use. And when I went looking for help, there was nothing. No alert hit my inbox. No threshold warning. No "hey, someone might be burning your account right now." Just silence, then a receipt.

How API Key Harvesting Works at Scale

This isn't targeted hacking—it's opportunistic automation. Attackers run bots that continuously sweep GitHub repos, CI/CD logs, and exposed .env files across the internet. They grab anything matching OPENROUTER_KEY=sk-... and spin up parallel requests to drain the balance before you even notice it's gone. The developer who wrote this piece estimates these sweeps happen hundreds of times per day. You're not a target—you're just a random variable in an automated theft script.

OpenRouter's Missing Security Basics

The real kicker isn't the money (though that hurts). It's the complete absence of basic security controls on the platform side. The author couldn't find: a spending cap toggle, an anomaly alert for sudden usage spikes, a "report abuse" button with clear visibility, or even accessible support at 3am when they're scrambling to figure out what happened. A 3000% spike in API calls should trigger automatic notification by default—that's table stakes for any payment-adjacent service. Instead, the knowledge base offers tips on being more careful.

What Developers Can Do Right Now

If you're using OpenRouter or similar AI API platforms: rotate your keys immediately if there's any chance of exposure, set hard spending limits in your account settings (the author did this after their incident), audit where your env variables are stored and who has access to deployment logs, consider short-lived credentials or scoped tokens where the platform supports it. Treat every exposed API key as compromised the moment it touches a public surface—GitHub's secret scanning catches some things, but not all.

Key Takeaways

  • Automated key harvesting runs 24/7 across GitHub, CI logs, and deployment pipelines
  • OpenRouter offers no real-time anomaly detection or spending alerts by default
  • There's no obvious "kill switch" or abuse reporting mechanism on the platform
  • After a compromise, you're mostly on your own for support

The Bottom Line

This isn't a niche edge case—it's a systemic failure in how AI API platforms handle customer security. OpenRouter needs spending caps, anomaly alerts, and accessible incident response yesterday. Until then, assume your key is already compromised if it's ever touched a public surface.