TechBooky

Researchers Warn ChatGPT Crawler May Cause DDoS Attacks on Websites

by Akinola Ajibola
January 22, 2025
in Artificial Intelligence, Security

Security researchers discovered a flaw in ChatGPT's wrapper that might allow thousands of requests to be sent to a website, akin to a DDoS attack. This might also allow attackers to execute DDoS attacks against unsuspecting firms.

OpenAI-owned ChatGPT may have a flaw that allows threat actors to perform distributed denial of service (DDoS) attacks on unwary targets.

According to information supplied by a cybersecurity researcher, OpenAI's ChatGPT application programming interface (API) contains a vulnerability that can be used to launch a distributed denial of service (DDoS) attack against websites. The chatbot is said to be capable of sending thousands of network requests to a website using the ChatGPT crawler. The researcher believes that the vulnerability, which was assigned a high severity rating, is still active, with no word from the company on when it will be resolved.

German security researcher Benjamin Flesch discovered that the ChatGPT crawler, which OpenAI employs to collect data from the internet to develop ChatGPT, may be tricked into DDoSing arbitrary websites.

“ChatGPT crawler can be triggered to DDoS a victim website via HTTP request to an unrelated ChatGPT API,” Flesch stated in a GitHub project containing a proof-of-concept. “This defect in OpenAI software will spawn a DDoS attack on the victim website, utilizing multiple Microsoft Azure IP address ranges on which ChatGPT crawler is running.”

In a GitHub post published earlier this month, Germany-based security researcher Benjamin Flesch described the vulnerability in the ChatGPT API. The researcher also shared code for a proof-of-concept that makes 50 HTTP requests to a test website, demonstrating how the flaw may be leveraged to launch a DDoS attack.

According to Flesch, the vulnerability lies in the handling of HTTP POST requests to https://chatgpt.com/backend-api/attributions. HTTP POST is a method for sending data to a server and is commonly used by API endpoints to create new resources. When this endpoint is called, the ChatGPT API expects a list of hyperlinks in the URL parameter.

Flesch stated that the finding was made in January 2025 and has since been brought to the attention of both OpenAI and Microsoft, neither of which has acknowledged the flaw’s existence.  

According to the researcher, the apparent flaw in OpenAI's API is that it does not check whether a hyperlink to the same page appears numerous times in the list. Because hyperlinks to a website can be written in many ways, the crawler makes multiple simultaneous network requests to the same domain. Furthermore, Flesch argues that OpenAI does not impose a limit on the number of hyperlinks that can be added to the URL parameter and transmitted in the same request.
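The two missing checks described above, sketched from the side of a service that accepts a list of links to fetch. This is an added example, not OpenAI's code or part of the researcher's report; the function names, both limits and the sample links are assumptions made for illustration.

```python
import posixpath
from collections import Counter
from urllib.parse import unquote, urlsplit

MAX_URLS = 10      # assumed cap on hyperlinks accepted per request
MAX_PER_HOST = 2   # assumed cap on fetches one request may aim at a single host


def canonical(url):
    """Map the many spellings of one page to a single key; None if not fetchable."""
    try:
        parts = urlsplit(url.strip())
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname.rstrip(".")  # urlsplit already lower-cases the hostname
    # Decode %-escapes, collapse "." and ".." segments, ignore scheme, port, fragment.
    path = "/" + posixpath.normpath(unquote(parts.path) or "/").lstrip("/")
    return host, path, parts.query


def filter_urls(urls):
    """Return the URLs worth fetching: bounded, de-duplicated, capped per host."""
    if len(urls) > MAX_URLS:
        raise ValueError("too many URLs in one request")
    seen, per_host, accepted = set(), Counter(), []
    for url in urls:
        key = canonical(url)
        if key is None or key in seen:
            continue  # unusable, or another spelling of a page already queued
        seen.add(key)
        if per_host[key[0]] >= MAX_PER_HOST:
            continue  # distinct page, but this host has had its share
        per_host[key[0]] += 1
        accepted.append(url)
    return accepted


# Constructed sample: five spellings of one page, two more pages, one bad scheme.
SAMPLE = [
    "https://site.example/", "https://SITE.example", "http://site.example:80/./",
    "https://site.example/#frag", "https://site.example/a/../",
    "https://site.example/page?id=1", "https://site.example/page?id=2",
    "https://other.example/about", "ftp://site.example/file",
]
print(filter_urls(SAMPLE))
```

Without the per-host cap, distinct query strings would still let a single request fan out against one site, which is why de-duplication alone is not enough.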

As a result, a malicious actor may send thousands of hits to a website, quickly overwhelming its server. The security researcher assigned this vulnerability a high severity “8.6 CVSS” rating because it is network-based, has low execution complexity, requires no privileges or user interaction, and can have a significant impact on availability.

Flesch claimed to have notified OpenAI and Microsoft (whose servers host the ChatGPT API) about the issue several times via various channels after identifying it in January. He claimed to have reported it to the OpenAI security team, OpenAI workers through reports, the OpenAI data privacy officer, and Microsoft’s security and Azure network operations teams.

Security experts support Flesch’s view. Elad Schulman, founder and CEO of generative AI security firm Lasso Security Inc., told SiliconANGLE via email that “ChatGPT crawlers initiated via chatbots pose significant risks to businesses, including reputational damage, data exploitation, and resource depletion through attacks such as DDoS and denial of wallet.”

“Hackers targeting generative AI chatbots can exploit chatbots to drain a victim’s financial resources, especially in the absence of necessary guardrails,” Schulman pointed out. “By leveraging these techniques, hackers can easily spend a monthly budget of a large language model-based chatbot in just a day.”

Despite several attempts to flag the vulnerability, the researcher claims that it has not been resolved and that the AI firm has not acknowledged its existence. 
