Zhipu AI

[random-robbie]

Please review the Community Note before submitting

Description

Add detector for Zhipu AI (智谱AI) API keys. Zhipu AI is the company behind the GLM (ChatGLM) series of large language models, widely used in China for AI applications.

Preferred Solution

Key Format:

• Two-part structure separated by a dot (.)
• First part: 32-character hexadecimal string
• Second part: 16-character alphanumeric string (appears to be base62-encoded)
• Full pattern: [a-f0-9]{32}\.[A-Za-z0-9]{16}

Suggested Regex:

\b[a-f0-9]{32}\.[A-Za-z0-9]{16}\b

Context-aware detection:
Look for context clues to increase detection confidence:

• Variable names containing: ZHIPU, GLM, CHATGLM, BIGMODEL
• Proximity to API endpoints: open.bigmodel.cn
• Common header/config patterns: zhipu-api-key, glm-api-key

Verification Endpoint:

POST https://open.bigmodel.cn/api/paas/v4/chat/completions
Headers:
  Authorization: Bearer <API_KEY>
  Content-Type: application/json
Body:
{
  "model": "glm-4",
  "messages": [
    {
      "role": "user",
      "content": "test"
    }
  ]
}

Valid key returns 200 OK with chat completion, invalid key returns 401 Unauthorized with error message.

Alternative Verification (Model List):

GET https://open.bigmodel.cn/api/paas/v4/models
Headers:
  Authorization: Bearer <API_KEY>

How to Obtain a Test Key:

1. Register at Zhipu AI Open Platform: https://open.bigmodel.cn/
2. Complete account verification (requires Chinese phone number or enterprise verification)
3. Navigate to API Keys section: https://open.bigmodel.cn/usercenter/apikeys
4. Click "Create New API Key" button
5. Free tier provides initial tokens for testing

Additional Context

Zhipu AI is the company behind ChatGLM, one of the most popular open-source Chinese language models. Their commercial API platform provides access to various GLM models:

• GLM-4 (latest generation, multimodal)
• GLM-3-Turbo (faster, cost-effective)
• CharacterGLM (role-playing)
• CogView (image generation)

The distinctive two-part key format (hex.alphanumeric) makes this detector relatively straightforward with low false-positive risk.

Security Impact:
Zhipu AI keys provide access to:

• Paid API services with usage costs
• Potential exposure of conversational data
• Access to multimodal capabilities including vision and code interpretation

References

• Official Website: https://www.zhipuai.cn/
• Open Platform: https://open.bigmodel.cn/
• API Documentation: https://open.bigmodel.cn/dev/api
• Authentication Guide: https://open.bigmodel.cn/dev/api#overview
• Pricing: https://open.bigmodel.cn/pricing
• Quick Start: https://open.bigmodel.cn/dev/howuse/introduction
• GitHub (ChatGLM): https://github.com/THUDM/ChatGLM-6B