I noticed 3 similar messages, one in Chinese, in the Responses API log. They are using a model which I dont have defined (gpt 5) in any Chat or Agent Builder.
Seems like some type of benchmarking activity…
Any ideas?
The screenshot shows gpt-5.4 at xhigh reasoning effort, and a lower max_output_tokens than would guarantee success.
If you don’t know who this is, or the application, suspect a leaked API key or a compromised account, and that full revocation is the go-to.
The screenshot task seems to be examining reasoning turns, which is internal text that OpenAI doesn’t deliver, but that someone developing competing models might do. Both “cyber threat” and “distillation” are monitored categories of use that can get an API account banned.
Besides your obvious faults such as committing code with hard-coded keys, there are hacking campaigns to poison well-known library repos with secret-stealing code.
You can look at usage, explore, and see a key ID and usage by project, but those are not the actual key, just a mapping. The billed usage may be under a “free daily tokens” if enrolled in data sharing, needing you to look into actual call counts in “chat completions (and responses)”.
Then note that API calls to Responses don’t even need to appear in logs if they are stateless calls and use "store":false as a parameter. This “log” is merely a lucky spot.
This doesn’t look like normal usage if you don’t recognize the requests or model activity.
Could be an old integration/tool using the key, but as a precautionary measure I’d recommend revoking/rotating the API key and reviewing the usage logs.
~Smith