I think I was part of a model distillation attack A user's compromised OpenAI API key was used in what appears to be a model distillation attack, with 114 interactions with GPT-5.5 and tasks including coding agents, benchmark creation, and insulin molecule chain export, triggering a prohibited biological use policy violation. Last night I received an email from OpenAI saying that they detected inconsistent usage on one of my API keys. It was late and I was already preparing to go to sleep, so I didn’t pay much attention to it. But a couple of minutes after that first email, I received a second one saying I had violated the “Prohibited Biological Use” policy and that’s when I really started to worry. When I opened my OpenAI platform portal, I didn’t see anything unusual. In fact, spend was $0, no requests showed up, so I was very confused until I opened the logs tab and saw the 114 interactions with gpt-5.5 all in quick succession, plus two stray requests from two days earlier that just said ping and pong. I immediately went to disable the compromised API key, and found out that it was a legacy API key I had created in 2023 to use with bettergpt.chat, a UI for ChatGPT that let you bring your own key. To be honest, I am not completely sure the leak came through that website, since they claim “If you use your own API key, it is stored exclusively in your browser and is never shared with any third-party entity. It is used solely for the exclusive purpose of accessing the OpenAI API and not for any other unauthorized use.”. This was a long time ago, and I don’t remember using that specific key for something else. So if it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck. What my API key was used for After making sure all my API keys were disabled, I started going through the logs, and there was a bit of everything in there. Someone was writing an audio+visual QA benchmark for an “omni” video model, running coding agents that build RL and benchmark environments, doing LLM-as-judge scoring, translation and quality review, PDF→Markdown OCR of Chinese textbooks, and the one task that probably set off the Prohibited Biological Use email, exporting the chains of an insulin molecule. Most of the coding traffic came out of a repo they call ga-synthesis. In each of these conversations an agent gets dropped into a task folder and told to write the scripts that set the task up, solve it, and check the result. Here is a trimmed down one for a PyMOL task, where the agent has to export the chains of an insulin molecule.