Summary: A security researcher has identified a vulnerability in OpenAI’s ChatGPT API that could allow attackers to initiate distributed denial of service (DDoS) attacks on targeted websites. By exploiting the API’s lack of URL deduplication and request limits, attackers can amplify a single request into thousands of requests directed at a victim’s site. Although the researcher reported the issue to OpenAI and Microsoft, no acknowledgment or response has been received regarding this serious flaw.
Threat Actor: Unknown
Victim: Targeted websites
Key points:
- The ChatGPT API can be exploited to flood a website with requests, potentially overwhelming it.
- The vulnerability arises from poor programming practices, including the lack of URL deduplication and the lack of limits on request size.
- Despite multiple reports to OpenAI and Microsoft, the issue remains unaddressed, raising concerns about the security of their systems.
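
The two missing controls named above (URL deduplication and a cap on request size) can be enforced before any fetch is issued. The following is an added example, not code from OpenAI or the researcher; the function names, the limits, the per-host cap and the sample URLs are all assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

MAX_INPUT = 50     # assumed: reject requests listing more URLs than this
MAX_URLS = 10      # assumed: most fetches one request may trigger
MAX_PER_HOST = 2   # assumed: most fetches per destination host

def normalize(url):
    """Canonical form, so trivial variants of one URL compare equal."""
    p = urlsplit(url.strip())
    if p.scheme not in ("http", "https") or not p.hostname:
        raise ValueError(f"unsupported URL: {url!r}")
    host = p.hostname.lower().rstrip(".")
    if ":" in host:                       # IPv6 literal needs brackets
        host = f"[{host}]"
    default = {"http": 80, "https": 443}[p.scheme]
    netloc = host if p.port in (None, default) else f"{host}:{p.port}"
    # Userinfo and fragment are dropped; an empty path becomes "/".
    return urlunsplit((p.scheme, netloc, p.path or "/", p.query, ""))

def plan_fetches(urls):
    """Return (accepted, rejected) for a hypothetical URL-list endpoint."""
    if len(urls) > MAX_INPUT:
        raise ValueError("too many URLs in one request")
    accepted, rejected, seen, per_host = [], [], set(), {}
    for raw in urls:
        try:
            url = normalize(raw)
        except ValueError:
            rejected.append((raw, "invalid"))
            continue
        host = urlsplit(url).hostname
        if url in seen:
            rejected.append((raw, "duplicate"))
        elif per_host.get(host, 0) >= MAX_PER_HOST:
            rejected.append((raw, "host limit"))
        elif len(accepted) >= MAX_URLS:
            rejected.append((raw, "request limit"))
        else:
            seen.add(url)
            per_host[host] = per_host.get(host, 0) + 1
            accepted.append(url)
    return accepted, rejected

# Constructed sample input: variants of one site plus one other host.
SAMPLE = ["https://site.example/", "HTTPS://Site.Example:443",
          "https://site.example/#a", "https://site.example/a",
          "https://site.example/b", "ftp://site.example/x",
          "https://other.example/page"]

if __name__ == "__main__":
    print(plan_fetches(SAMPLE))
```

The per-host cap matters as much as deduplication, because distinct paths on one site survive normalization and would otherwise all be fetched.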
Source: https://www.theregister.com/2025/01/19/openais_chatgpt_crawler_vulnerability/