A security researcher has revealed a vulnerability in OpenAI's ChatGPT API that allows attackers to launch distributed denial of service (DDoS) attacks on websites. By sending a large list of slightly different URLs pointing to the same target, the ChatGPT crawler can be tricked into flooding the site with requests, potentially overwhelming its servers. OpenAI has yet to acknowledge the vulnerability.
OpenAI's ChatGPT crawler appears to be willing to initiate distributed denial of service attacks on arbitrary websites, a reported vulnerability the tech giant has yet to acknowledge.
"Due to bad programming practices, OpenAI does not check if a hyperlink to the same resource appears multiple times in the list. OpenAI also does not enforce a limit on the maximum number of hyperlinks stored in the urls parameter, thereby enabling the transmission of many thousands of hyperlinks within a single HTTP request.
"Due to this amplification, the attacker can send a small number of requests to ChatGPT API, but the victim will receive a very large number of requests," Flesch explained. "To me it seems like this small API is an example project of their ChatGPT AI agents, and its task is to parse a URL out of user-provided data and then use Azure to fetch the website," he said.
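The two missing checks named in the quote (no duplicate detection, no cap on the size of the urls list) can be sketched as a server-side filter. This is an added example, not OpenAI's code or the researcher's; the function names, the limits and the `.example` sample URLs are assumptions made for illustration. It also applies a per-host budget, because exact-match deduplication alone does not catch slightly different URLs that point to the same site.

```python
from urllib.parse import urlsplit

MAX_URLS = 10      # assumed cap on the length of the urls list per request
MAX_PER_HOST = 1   # assumed cap on fetches per target host per request


def canonical(url):
    """Return (host, canonical_url), or None if the URL is not plain http(s)."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname.rstrip(".")            # hostname is already lowercased
    default_port = 443 if parts.scheme == "https" else 80
    netloc = host if port in (None, default_port) else f"{host}:{port}"
    canon = f"{parts.scheme}://{netloc}{parts.path or '/'}"
    if parts.query:
        canon += "?" + parts.query
    return host, canon                           # fragment dropped: never sent


def filter_urls(urls):
    """Reject oversized lists, then drop duplicates and per-host overflow."""
    if len(urls) > MAX_URLS:
        raise ValueError(f"urls list exceeds {MAX_URLS} entries")
    seen, per_host, accepted = set(), {}, []
    for raw in urls:
        result = canonical(raw)
        if result is None:
            continue
        host, canon = result
        if canon in seen or per_host.get(host, 0) >= MAX_PER_HOST:
            continue
        seen.add(canon)
        per_host[host] = per_host.get(host, 0) + 1
        accepted.append(canon)
    return accepted


# Constructed sample input: four spellings of one site plus one other site.
SAMPLE = [
    "https://site.example/",
    "https://site.example/?a=1",
    "HTTPS://SITE.example:443/#x",
    "http://site.example./b",
    "https://other.example/page",
]
```

The per-host budget keys on the hostname only; different hostnames that resolve to the same server would need the budget applied after DNS resolution.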