The 31 OpenAI security checks Black Cat runs
Black Cat SSPM evaluates 31 security policies against your OpenAI configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.
access control
Delete stale OpenAI API keys that have not been used recently
Review OpenAI API keys owned by service accounts and ensure each has a documented purpose
Consolidate OpenAI admin API keys to the minimum required and delete unnecessary ones
Delete stale OpenAI admin API keys that have not been used recently
Reassign OpenAI admin API keys owned by service accounts to user accounts for accountability
Reduce OpenAI organization owners to 2-3 by demoting unnecessary owners to lower roles
Promote a second trusted member to Owner in the OpenAI organization for redundancy
Remove inactive OpenAI organization members who no longer require access
Remove disabled OpenAI users from the organization after confirming no active API keys remain
Delete unnecessary OpenAI service accounts from projects with excessive service account counts
Revoke unused or duplicate OpenAI project API keys to reduce key sprawl
Assign at least one human user as administrator to OpenAI projects owned only by service accounts
Delete OpenAI service accounts that are no longer associated with an active project
Rotate credentials or delete stale OpenAI service accounts that have not been active recently
Remove OpenAI groups that have no members
Bring manually managed OpenAI groups under SCIM management to reduce drift
Remove expired OpenAI invites that are still present
Verify pending OpenAI invites that grant the owner role are intentional
Resend or revoke OpenAI invites that have been pending too long
Reduce permissions on overpermissive OpenAI custom roles to follow least privilege
Delete OpenAI custom roles that have no user assignments
audit
Investigate sensitive OpenAI audit events and revoke access if the action was unauthorized
configuration
Configure rate limits on OpenAI projects that have no usage restrictions
Assign responsible users to active OpenAI projects that have no members or archive them
Investigate OpenAI usage anomalies and set rate limits or spending caps to prevent recurrence
Implement OpenAI project-level rate limits for users with abnormally high API request volumes
Investigate OpenAI users generating disproportionate output tokens for potential data extraction
Renew or replace the OpenAI certificate before it expires
Activate or remove inactive OpenAI certificates so mTLS is enforced
Scope organization-wide OpenAI certificates to specific projects
Investigate OpenAI usage categories spiking far above their average